General
Target: 9ae4357a7caef4cdb09a004957fd4e3d679d1a6cb5bca40ddc926d3588be74cf
Size: 337KB
Sample: 211021-kr852sahck
MD5: bb7fd575bdfc492e570e478cd4e31e43
SHA1: 777f51801efc0fc172db1d3872b41038ed77b671
SHA256: 9ae4357a7caef4cdb09a004957fd4e3d679d1a6cb5bca40ddc926d3588be74cf
SHA512: 5a8d7fbb0daabe25feb42b00cf1716cf489cb1c0d00e2dc4ca8b453dc3b99b3f90b42978d0a490b8a769399e3d3fb7f18c02cc235daf5dba59cd62a775359a10

Static task: static1

Malware Config
Extracted: redline
UDP: 45.9.20.182:52236
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.