General
- Target: 615815303f73a5f1aff93dc657d49de28e4490ce9057ddd70e64af43fc0b7368
- Size: 285KB
- Sample: 211126-gw9etseag3
- MD5: b3ba10715fa06fe0fc017199d4cd3ee0
- SHA1: 8a34e3a68341fae7054e3b51d54343ca74081188
- SHA256: 615815303f73a5f1aff93dc657d49de28e4490ce9057ddd70e64af43fc0b7368
- SHA512: f893400030ffda40f16b8f5323e614f0e522f0b6a786fdb428e439834d7055ea680086748a57a268cb1e49d6b19e3c50be17122315839367987c87a82719d0d3
Static task: static1

Malware Config
- Extracted: redline
- Pubdate: 193.56.146.64:65441
Targets
- Target: 615815303f73a5f1aff93dc657d49de28e4490ce9057ddd70e64af43fc0b7368
- Size: 285KB
- MD5: b3ba10715fa06fe0fc017199d4cd3ee0
- SHA1: 8a34e3a68341fae7054e3b51d54343ca74081188
- SHA256: 615815303f73a5f1aff93dc657d49de28e4490ce9057ddd70e64af43fc0b7368
- SHA512: f893400030ffda40f16b8f5323e614f0e522f0b6a786fdb428e439834d7055ea680086748a57a268cb1e49d6b19e3c50be17122315839367987c87a82719d0d3
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.