General
- Target: 2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2
- Size: 423KB
- Sample: 211127-kr22qshgaj
- MD5: 5e1f1ed1b91c848a21479606acb2615a
- SHA1: 457c1ff71520637e8412def5b116e646f7bc52b5
- SHA256: 2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2
- SHA512: a959d23f46e03ed2ebf951c37902db0bf173de1dd8a66095599ddedb7c01b3b505fdb67990f62197ef07572764b6a0fbafbe8ae695a4ad685e5b21b8a5d4a855
Static task
- static1

Malware Config
- Extracted: redline
- Pubdate: 193.56.146.64:65441
Targets
- Target: 2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2
- Size: 423KB
- MD5: 5e1f1ed1b91c848a21479606acb2615a
- SHA1: 457c1ff71520637e8412def5b116e646f7bc52b5
- SHA256: 2f9090ce3078e6954bba399926a9e735358626101188ac0d9994bff8161a4da2
- SHA512: a959d23f46e03ed2ebf951c37902db0bf173de1dd8a66095599ddedb7c01b3b505fdb67990f62197ef07572764b6a0fbafbe8ae695a4ad685e5b21b8a5d4a855
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.