General
Target: 5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065
Size: 1.2MB
Sample: 220308-vdrc7ahcc3
MD5: 785d2a137e07c46e7ea165de0f16cb51
SHA1: 975258bbb7889f0ebabf1ef518cc673a56c6ab05
SHA256: 5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065
SHA512: e7745cea21bb4c94db27dfe5e095bf59ea41a3e47294f0e9aa6a841d9525a868ef6d5a09a929ac01c5ebc8908a6fdb4fdeb4653e63ecdf024d0f83f33b69455d
Static task: static1
Malware Config
Extracted: redline
1
193.106.191.115:22844
auth_value: 03a75a697cd88e0f34b1f6c08b8bbba9
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger