General
- Target: 6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
- Size: 365KB
- Sample: 211015-sd8alabgfk
- MD5: cc2792f322404d7033f396be113718d3
- SHA1: d5c885ef21504532945cb824dbb571d87f385ccf
- SHA256: 6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44
- SHA512: 0bef035a20010af9e4fa9b84d502d3ee3940d781d9307a78ab8cf002b9e179cf4ad2c01786bcfa387c28206e6c2c9664f2d7b3805ba80b9c2f2460a29b02f861

Static task
- static1

Malware Config
- Extracted: redline
- UDP: 45.9.20.182:52236
Targets
- Target: 6babf9a748f0c00b36e42da46bcb5116235299601b7944fcafdb034385369a44 (365KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.