General
Target: 57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da
Size: 390KB
Sample: 211016-gredwsceem
MD5: 72a14140d37552b63e74de5f1510255d
SHA1: 9af685fe59c7b73ef7c53a706513d595ca13c51d
SHA256: 57cf6617bf5518952fc34d7a8bfe9459bd2820f819d07d8fa359cf262cba18da
SHA512: 495c95c953e704a9de50fb9f0d9218d43903a04c5c4094ae86c9a3ae16c40a2310409cf6eaf0d9b525421fc37ace0723b8112130ad2886680ff383369ce0b785
Static task: static1
Malware Config
Extracted
redline
paladin
37.228.129.48:29795
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.