General
Target: f5c0e1eea15510e4dfdac14b693524b6860b9eb12661e9a89b2c81e978ff0a06
Size: 1.3MB
Sample: 220308-vdsk9ahcd4
MD5: a6f3ea01902e6522073f27d41806a153
SHA1: 6a86c23b5aab14ab057af0888dfd8943eeea3b7b
SHA256: f5c0e1eea15510e4dfdac14b693524b6860b9eb12661e9a89b2c81e978ff0a06
SHA512: 6c49100c0e11a9f90ca85546f0ac826aec5e28e9ac498c164ca50ae1b880a5be6141bcc2a58d2815f74e2fcd7a622ff98c125fe72b1c5868eb8d1cb0f1c9a865
Static task: static1

Malware Config
Extracted
redline
777
193.106.191.115:22844
auth_value: 61f0a4658949823aea34c652fe3cd21d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger