General
- Target: 265cc8b9c67fff91e1390e66933c0769a54734659c59bdf76955cfbc2c064fa9
- Size: 390KB
- Sample: 211016-elxxyaceck
- MD5: 8fa168e88cfa7a16d8965c7be6b61384
- SHA1: ac05dbab171713466ff0c843300b214d58c61549
- SHA256: 265cc8b9c67fff91e1390e66933c0769a54734659c59bdf76955cfbc2c064fa9
- SHA512: 8d7c114bf45074d2af2eb8a226007d6ff9be1caebf1e019f594d6f5dff130c199b90a3f7981c29fc295d1c82dec023c0399679a03fb3aaa22531999c87e11f71
Static task
- static1

Malware Config
Extracted
- Family: redline
- Botnet: paladin
- C2: 37.228.129.48:29795
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.