General
- Target: f494b1d6c53b6b00a11b44f589c023fd9bb431accb0493c20d8d6b6d8bfe7a87
- Size: 286KB
- Sample: 211126-sagcpsgcg9
- MD5: afdd4594b60a0b0ca70934d13eb4440e
- SHA1: 28cc3504a3bd7f96a4536a81b2f9213e162c3684
- SHA256: f494b1d6c53b6b00a11b44f589c023fd9bb431accb0493c20d8d6b6d8bfe7a87
- SHA512: fd93bd857ee0d21d2edc8d32f54675dd22ec1c91c059e39ea88568ee9a5453d5850ec9ecbd9b9e12bf5fe2863717489a83e840096d0e0b525b0d6be1c1e8f5c6
Static task
- static1

Malware Config
Extracted
- redline
- udptest
- 193.56.146.64:65441
Targets
- Target: f494b1d6c53b6b00a11b44f589c023fd9bb431accb0493c20d8d6b6d8bfe7a87
- Size: 286KB
- MD5: afdd4594b60a0b0ca70934d13eb4440e
- SHA1: 28cc3504a3bd7f96a4536a81b2f9213e162c3684
- SHA256: f494b1d6c53b6b00a11b44f589c023fd9bb431accb0493c20d8d6b6d8bfe7a87
- SHA512: fd93bd857ee0d21d2edc8d32f54675dd22ec1c91c059e39ea88568ee9a5453d5850ec9ecbd9b9e12bf5fe2863717489a83e840096d0e0b525b0d6be1c1e8f5c6
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.