General
-
Target
c803a9d0546cf02bfcdb3cecd14c168f0a483df8f6dc3d52e2769f81f104c722
-
Size
692KB
-
Sample
211122-23hwnshacj
-
MD5
ec8458f0550a2989e1dbbd7f068984f3
-
SHA1
4880b92f184ab7ab2a1697e69bd00c173108a0b8
-
SHA256
c803a9d0546cf02bfcdb3cecd14c168f0a483df8f6dc3d52e2769f81f104c722
-
SHA512
03e6acd4a725c764ac1e4d637ceb8e3f67c6c33ca71d25ed4c8050c5bed8e16d78021e6812d4f4f3565f66fa88f1b157ca0c462b5aaced15a84712099bf8b512
Static task
static1
Malware Config
Extracted
redline
test1
65.108.4.86:21391
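The extracted configuration above (botnet tag `test1`, C2 `65.108.4.86:21391`) is the most actionable part of this report. The following script is an added example, not part of the sandbox output, that turns the extracted `host:port` entries into a network indicator and runs them over Zeek `conn.log`-style lines. The log lines are constructed for the example (Zeek's default leading columns: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto); the `match_port` switch is an assumption of this example, there to show the trade-off between exact IP:port matching and IP-only matching when the panel port may have changed.

```python
from dataclasses import dataclass

# Values copied from the "Extracted" section of the report.
BOTNET_ID = "test1"
EXTRACTED_C2 = ["65.108.4.86:21391"]


def parse_c2(entry):
    """Split a RedLine 'host:port' config entry into (host, port)."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


@dataclass(frozen=True)
class C2Match:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


# Constructed Zeek conn.log lines (tab-separated, first seven default columns).
# Hosts 10.0.0.15 and 10.0.0.31 talk to the C2 on the configured port; 10.0.0.22
# reaches the same IP on port 80, which exact IP:port matching must not flag.
SAMPLE_CONN_LOG = (
    "1637589600.123\tCx1\t10.0.0.15\t49812\t65.108.4.86\t21391\ttcp\n"
    "1637589601.456\tCx2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp\n"
    "1637589602.789\tCx3\t10.0.0.22\t51000\t65.108.4.86\t80\ttcp\n"
    "1637589603.000\tCx4\t10.0.0.31\t52222\t65.108.4.86\t21391\ttcp\n"
    "#close\t2021-11-22\n"
)


def find_c2_hits(conn_log, c2_entries=EXTRACTED_C2, match_port=True):
    """Return every connection whose responder matches an extracted C2.

    match_port=True  -> exact IP:port from the config (low false-positive rate).
    match_port=False -> any port on the C2 IP (catches a moved panel port, but
                        will also flag unrelated services on a shared host).
    """
    targets = {parse_c2(e) for e in c2_entries}
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header/footer lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, src, _sport, dst, dport, proto = fields[:7]
        dport = int(dport)
        for host, port in targets:
            if dst == host and (not match_port or dport == port):
                hits.append(C2Match(ts, src, dst, dport, proto))
    return hits


def infected_hosts(conn_log, **kwargs):
    """Distinct internal sources that contacted the C2, for triage/containment."""
    return sorted({h.src for h in find_c2_hits(conn_log, **kwargs)})


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"[{BOTNET_ID}] {hit.ts} {hit.src} -> {hit.dst}:{hit.dport}/{hit.proto}")
    print("hosts to isolate:", infected_hosts(SAMPLE_CONN_LOG))
```

Exact IP:port matching is the right default for a freshly extracted config; widen to IP-only when hunting retrospectively, and treat those extra hits as leads rather than confirmed infections.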
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
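The last signature above describes the stealer walking the `Uninstall` registry key to inventory installed software. A single read of one Uninstall subkey is normal (installers, Explorer, update agents do it), so the useful detection is a process that reads many distinct product subkeys in a short burst. The script below is an added example, not part of the report, that implements that logic over constructed registry-access events. The event shape (`ts`, `pid`, `image`, `target`) is an assumption made for the example; real telemetry would come from Windows object-access auditing (registry SACLs) or EDR registry-read events, not from Sysmon, which does not log key reads. The allow-list of benign images is likewise an assumption and would need tuning per environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Both 64-bit and 32-bit (WOW64) views of the Uninstall key, lower-cased.
UNINSTALL_KEY_PATTERNS = (
    r"\software\microsoft\windows\currentversion\uninstall",
    r"\software\wow6432node\microsoft\windows\currentversion\uninstall",
)

# Assumed allow-list for the example: images expected to walk the Uninstall hive in bulk.
BENIGN_IMAGES = {
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\system32\svchost.exe",
}


def uninstall_subkey(path):
    """Return the product subkey a registry path touches under Uninstall, or None.

    The parent key itself (no subkey) returns None, so opening the Uninstall key
    to list it does not by itself count as reading a product entry.
    """
    p = path.lower()
    for pat in UNINSTALL_KEY_PATTERNS:
        i = p.find(pat)
        if i != -1:
            rest = p[i + len(pat):].lstrip("\\")
            return rest.split("\\", 1)[0] or None
    return None


def detect_uninstall_enumeration(events, threshold=5, window=timedelta(seconds=30)):
    """Alert on (pid, image) pairs reading >= threshold distinct Uninstall subkeys within window."""
    per_proc = defaultdict(list)
    for ev in events:
        sub = uninstall_subkey(ev["target"])
        if sub is None:
            continue
        key = (ev["pid"], ev["image"].lower())
        per_proc[key].append((datetime.fromisoformat(ev["ts"]), sub))

    alerts = []
    for (pid, image), reads in per_proc.items():
        if image in BENIGN_IMAGES:
            continue
        reads.sort()  # by timestamp
        j = 0
        burst = False
        for i in range(len(reads)):  # sliding time window over sorted reads
            while reads[i][0] - reads[j][0] > window:
                j += 1
            if len({s for _, s in reads[j:i + 1]}) >= threshold:
                burst = True
                break
        if burst:
            alerts.append({
                "pid": pid,
                "image": image,
                "distinct_subkeys": len({s for _, s in reads}),
                "first_seen": reads[0][0].isoformat(),
            })
    return alerts


def _ev(ts, pid, image, target):
    return {"ts": ts, "pid": pid, "image": image, "target": target}


_UK = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
_UK32 = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
_DROPPER = r"C:\Users\victim\AppData\Local\Temp\setup.exe"
_UPDATER = r"C:\Program Files\Updater\updater.exe"

# Constructed events: a dropper bursting through six product entries in five seconds,
# msiexec doing the same (allow-listed), Explorer reading one entry, and a slow updater
# touching six entries two minutes apart (never five in one 30 s window).
SAMPLE_EVENTS = (
    [_ev("2021-11-22T11:59:59", 4120, _DROPPER, _UK)]  # parent key open, ignored
    + [_ev(f"2021-11-22T12:00:0{i}", 4120, _DROPPER, _UK + "\\" + name + r"\DisplayName")
       for i, name in enumerate(["7-Zip", "Google Chrome", "{GUID-1}", "Notepad++", "VLC media player"])]
    + [_ev("2021-11-22T12:00:05", 4120, _DROPPER, _UK32 + r"\Mozilla Firefox\DisplayVersion")]
    + [_ev(f"2021-11-22T12:01:0{i}", 2200, r"C:\Windows\System32\msiexec.exe", _UK + "\\" + n)
       for i, n in enumerate(["A", "B", "C", "D", "E", "F"])]
    + [_ev("2021-11-22T12:02:00", 3300, r"C:\Windows\explorer.exe", _UK + r"\7-Zip\DisplayIcon")]
    + [_ev(f"2021-11-22T12:{10 + 2 * i}:00", 5000, _UPDATER, _UK + "\\" + n)
       for i, n in enumerate(["P", "Q", "R", "S", "T", "U"])]
)

if __name__ == "__main__":
    for alert in detect_uninstall_enumeration(SAMPLE_EVENTS):
        print("ALERT software-inventory burst:", alert)
```

The burst threshold does the real work here: lowering `threshold` or widening `window` trades false positives from inventory agents for coverage of slower stealers, and any image added to the allow-list should be pinned by path (as above) rather than by file name, since stealers routinely borrow trusted names.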