General
- Target: 9c8e31896602ba87449a7e0f19ce109dc59c4938ceb69e6581db1956ab734dce
- Size: 296KB
- Sample: 211126-z7ptnsacb9
- MD5: e6c2849f5df03d8cf4c218b40bc8ff2d
- SHA1: 544cfcc090ef4f42dabcff867954645462f399a3
- SHA256: 9c8e31896602ba87449a7e0f19ce109dc59c4938ceb69e6581db1956ab734dce
- SHA512: 9037de94aaf356b3260e1a4b1e8d05e1bd1b799feb12ca1408ed150eaeac5fa0ac173ba7fea5f706110fde3565cf87d885f7af594e6f86eb21627609c652bbd9
Static task
static1
Malware Config
Extracted
- Family: redline
- Botnet: udptest
- C2: 193.56.146.64:65441
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.