General
-
Target
006407341a7814a2f6ba46c9c948ff8659aa10340eec6d6b2e0399db71bc4b3c
-
Size
369KB
-
Sample
211016-ks4lysbgf5
-
MD5
040df1e0d5a97f28ced3268dbfe91a9d
-
SHA1
b60131c0a51b6a14bb11a0dac0772b03a71ef079
-
SHA256
006407341a7814a2f6ba46c9c948ff8659aa10340eec6d6b2e0399db71bc4b3c
-
SHA512
0db402fecc2986e413323238fbe707a923d1a7cd99ffcfdb998413ce6ecdc80973508bfc500fd9c927c3b1133c668cd128f85a3f80297f9cc0055e5b61e49c0c
Static task
static1
Malware Config
Extracted
redline
UDP
45.9.20.182:52236
Targets
-
-
Target
006407341a7814a2f6ba46c9c948ff8659aa10340eec6d6b2e0399db71bc4b3c
-
Size
369KB
-
MD5
040df1e0d5a97f28ced3268dbfe91a9d
-
SHA1
b60131c0a51b6a14bb11a0dac0772b03a71ef079
-
SHA256
006407341a7814a2f6ba46c9c948ff8659aa10340eec6d6b2e0399db71bc4b3c
-
SHA512
0db402fecc2986e413323238fbe707a923d1a7cd99ffcfdb998413ce6ecdc80973508bfc500fd9c927c3b1133c668cd128f85a3f80297f9cc0055e5b61e49c0c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-