General
Target: 930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80
Size: 364KB
Sample: 211019-qer9naggbk
MD5: 21aabbc6698116740f9456ffd2070abf
SHA1: 7d6e590624083e3b92ce790ff8de7147b07923d3
SHA256: 930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80
SHA512: b05c23e6c45835038579ae634e63e20dc91bfcf8e14492e5f003fbf4b610f993166779ca9b735116bef0521af2fc29a293b3062ff63cae5b17bd4bc19848ae53

Static task: static1

Malware Config
Extracted: redline
UDP: 45.9.20.182:52236

Targets
Target: 930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80
Size: 364KB
MD5: 21aabbc6698116740f9456ffd2070abf
SHA1: 7d6e590624083e3b92ce790ff8de7147b07923d3
SHA256: 930768cf39b20c4925e1c6051df19913a3dd75e56eeb7fead627faca21cf2c80
SHA512: b05c23e6c45835038579ae634e63e20dc91bfcf8e14492e5f003fbf4b610f993166779ca9b735116bef0521af2fc29a293b3062ff63cae5b17bd4bc19848ae53

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.