General
Target: 70c72a26044f1864f7d4db6d9a68e5a03821ef21868756d76b0ba162762cb466
Size: 363KB
Sample: 211015-skkg4sbba7
MD5: bef5465b8cb21c272de1a5184263fadb
SHA1: b40b01fcf9229a409493980a9a4b69f273652eaf
SHA256: 70c72a26044f1864f7d4db6d9a68e5a03821ef21868756d76b0ba162762cb466
SHA512: b4edc2d7d74865231cc3b396a2362c93301ad09278209724ae6d47eff2e9b8275e363b8493e937fa06a08b4ee7c5c5c091f3982796bdc2bdb64a7f9dcef7808f
Static task: static1
Malware Config (extracted):
redline
bir
94.228.116.174:44006
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext