General
-
Target
7e032138b9e7ddc0e4642b3ee42a373fdff575a2a42fef8204c47f0c1a445f86
-
Size
114KB
-
Sample
220830-etaglsbfal
-
MD5
9903088be4e00d4c6020f85c049869dc
-
SHA1
5c7fbf5fbf256f858297bcc38a9df8d597377cb9
-
SHA256
7e032138b9e7ddc0e4642b3ee42a373fdff575a2a42fef8204c47f0c1a445f86
-
SHA512
6f6f5269a38b1f6147f917b095f0e621860702c283643b3cc486499c8c61a799789e44cf31763b6cf7c2e7af61d09d967d9b9e01250fa2a1949aaa7ee6524c61
-
SSDEEP
1536:rK6DS0wmpHEkMW2nzfPfqQklJXs7MmmwoItEQop08vrLM8buOfMoICLe0wuei6k0:mkvpHEk7SaF2oItrop9P/Godah20
Malware Config
Extracted
redline
Bot
103.173.226.188:19733
-
auth_value
bd44af08de57612871a5de0c3c534b39
Targets
-
-
Target
7e032138b9e7ddc0e4642b3ee42a373fdff575a2a42fef8204c47f0c1a445f86
-
Size
114KB
-
MD5
9903088be4e00d4c6020f85c049869dc
-
SHA1
5c7fbf5fbf256f858297bcc38a9df8d597377cb9
-
SHA256
7e032138b9e7ddc0e4642b3ee42a373fdff575a2a42fef8204c47f0c1a445f86
-
SHA512
6f6f5269a38b1f6147f917b095f0e621860702c283643b3cc486499c8c61a799789e44cf31763b6cf7c2e7af61d09d967d9b9e01250fa2a1949aaa7ee6524c61
-
SSDEEP
1536:rK6DS0wmpHEkMW2nzfPfqQklJXs7MmmwoItEQop08vrLM8buOfMoICLe0wuei6k0:mkvpHEk7SaF2oItrop9P/Godah20
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-