General
Target: 79c79134a1502b989cf4fd51e278a60b4f82c28da1e0bfd26bdaaa797bc039f2
Size: 393KB
Sample: 211127-dqwd8sbeh8
MD5: a971cd40728c562cf0f6ab278100bf9b
SHA1: 7d09830b421d54c978c482abcbdb2db5a081f67c
SHA256: 79c79134a1502b989cf4fd51e278a60b4f82c28da1e0bfd26bdaaa797bc039f2
SHA512: e9c441ef681ed29871ee9e44f45d95391f56f2544cf28d02a0e0141208f9fa71519e61249c8514e4cb785895356b323d84f8bdad5a4b046471bfce0d889e85e1

Static task: static1

Malware Config
Extracted: redline
Updbdate
193.56.146.64:65441

Targets
Target: 79c79134a1502b989cf4fd51e278a60b4f82c28da1e0bfd26bdaaa797bc039f2
Size: 393KB
MD5: a971cd40728c562cf0f6ab278100bf9b
SHA1: 7d09830b421d54c978c482abcbdb2db5a081f67c
SHA256: 79c79134a1502b989cf4fd51e278a60b4f82c28da1e0bfd26bdaaa797bc039f2
SHA512: e9c441ef681ed29871ee9e44f45d95391f56f2544cf28d02a0e0141208f9fa71519e61249c8514e4cb785895356b323d84f8bdad5a4b046471bfce0d889e85e1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.