General
-
Target
6a1165948bf74953406a528d48d344c3004ffa0a7cbfd387fc99d4a1be85d642
-
Size
405KB
-
Sample
211125-tslktafgbm
-
MD5
22c435b6a7e6df1e678b7e749bfd7373
-
SHA1
c1e370b9d3027c28cd6e70b4233db659619a2b72
-
SHA256
6a1165948bf74953406a528d48d344c3004ffa0a7cbfd387fc99d4a1be85d642
-
SHA512
0ab53a70e915b8ec84bbc834d786e981c186c69243a8325349a4d7088254ac7c36ca0832f07720761f32e3935ddbdeced512d046191c999d37953441a87c1c5d
Static task
static1
Malware Config
Extracted
redline
Updbdate
193.56.146.64:65441
Targets
-
-
Target
6a1165948bf74953406a528d48d344c3004ffa0a7cbfd387fc99d4a1be85d642
-
Size
405KB
-
MD5
22c435b6a7e6df1e678b7e749bfd7373
-
SHA1
c1e370b9d3027c28cd6e70b4233db659619a2b72
-
SHA256
6a1165948bf74953406a528d48d344c3004ffa0a7cbfd387fc99d4a1be85d642
-
SHA512
0ab53a70e915b8ec84bbc834d786e981c186c69243a8325349a4d7088254ac7c36ca0832f07720761f32e3935ddbdeced512d046191c999d37953441a87c1c5d
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-