General
-
Target
d71718cc15092d5138b3b990899092473f913d776229fa78f2aef3b8f9149448
-
Size
364KB
-
Sample
211019-skcghagag6
-
MD5
bbc15c0f2020fb92d55347f299f990da
-
SHA1
0a8325d061f30b5f97020687c34277191114a9e1
-
SHA256
d71718cc15092d5138b3b990899092473f913d776229fa78f2aef3b8f9149448
-
SHA512
5d1d0e8b4a669d0463363f7d83dfe63a4bebbdb623cc48ebb252ae15dfcb48a492224d93bbd25ba51b63c5944571d81feddcec1030d86a97887c9331d806095a
Static task
static1
Malware Config
Extracted
redline
UDP
45.9.20.182:52236
Targets
-
-
Target
d71718cc15092d5138b3b990899092473f913d776229fa78f2aef3b8f9149448
-
Size
364KB
-
MD5
bbc15c0f2020fb92d55347f299f990da
-
SHA1
0a8325d061f30b5f97020687c34277191114a9e1
-
SHA256
d71718cc15092d5138b3b990899092473f913d776229fa78f2aef3b8f9149448
-
SHA512
5d1d0e8b4a669d0463363f7d83dfe63a4bebbdb623cc48ebb252ae15dfcb48a492224d93bbd25ba51b63c5944571d81feddcec1030d86a97887c9331d806095a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-