General
-
Target
05745825ddc88f8c0032fee69868537e73a36924439ee591b9850b3a405a2ee6
-
Size
306KB
-
Sample
220618-gqxtvahfa2
-
MD5
753b85917e8456e20bac69a229b17cae
-
SHA1
a7d353d7b7a7bcb422935b7d03812b6f62c225ab
-
SHA256
05745825ddc88f8c0032fee69868537e73a36924439ee591b9850b3a405a2ee6
-
SHA512
c335e7607d1bd9aa5d25a8daa922c6191b34d3eb807f30a97efbc3916a4a818abbe5968dc9b95c7dff28fa20854d97aa2a11f98b6207caffb0d120bc6497398a
Static task
static1
Malware Config
Extracted
redline
META
193.106.191.245:23196
-
auth_value
2ea67e19fe494687c77a179004b4a1c8
Targets
-
-
Target
05745825ddc88f8c0032fee69868537e73a36924439ee591b9850b3a405a2ee6
-
Size
306KB
-
MD5
753b85917e8456e20bac69a229b17cae
-
SHA1
a7d353d7b7a7bcb422935b7d03812b6f62c225ab
-
SHA256
05745825ddc88f8c0032fee69868537e73a36924439ee591b9850b3a405a2ee6
-
SHA512
c335e7607d1bd9aa5d25a8daa922c6191b34d3eb807f30a97efbc3916a4a818abbe5968dc9b95c7dff28fa20854d97aa2a11f98b6207caffb0d120bc6497398a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-