General
Target: 4292d5ba85a6006ae7654f6f2e76c5b1f4bfb82c7f1e7900161bd80a56d6dbaf
Size: 405KB
Sample: 211125-gq4mdsedcn
MD5: 610e27e07f1f7bc5212d44100ba72c1c
SHA1: 0fef17203dc2e9e62390f3fbfcfb6daff29c29ca
SHA256: 4292d5ba85a6006ae7654f6f2e76c5b1f4bfb82c7f1e7900161bd80a56d6dbaf
SHA512: db32c34e8d83175765b187c6cdc889134aee8a9a83cf3de7b25843e70d049cae08fec345ee8a96e2ccca4c2f302068fc029f56f872185a9f2d93d0e1bddedd37
Static task: static1
Malware Config
Extracted: redline
Pubdate
193.56.146.64:65441
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.