General
Target: 9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d
Size: 414KB
Sample: 211020-z1h3jshfb3
MD5: e60b0a87a3c1b9aa776e27eb514df964
SHA1: 2bab7e70e32d50a870e327ef1ea004a568b5acd2
SHA256: 9a80f93cebccb3b6346de5ab8fb6fe02d84b88a9bbc174413a0879340099251d
SHA512: 2ec32d69e9036b89a8eba6de01e8596f46e70be388fa5bd366af3a376fe791050085f08868ff3a0a2fd662e81bf9267443d833a0441462d2a76a661284e36257
Static task: static1

Malware Config
Extracted: redline
UDP: 45.9.20.182:52236
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.