General
Target: 81fb6b8a8d20dab5752cf390fb96bdea22b7e47136d02ec59d112bda856f0bec
Size: 204KB
Sample: 220912-xk32nshffl
MD5: 568f063d6b5200d3cd3a5f27acb89450
SHA1: f20d632ce99244212c851dc2ae7865d3b47e6f25
SHA256: 81fb6b8a8d20dab5752cf390fb96bdea22b7e47136d02ec59d112bda856f0bec
SHA512: 5906f7f26cf0c6f6ee098649434e0d380d5d29d9834483fbf0395abd4d144398ecebd144ac355c179aeb51125f7e9aaec838edac33c23e5ebde01402ccad3357
SSDEEP: 3072:JgsaWWcPzBjzkRlLJkL3CijFKXgyeDvseq+PJPsO/VXafg2+UaDCai8DgfUpS+g:JTWQBjzoJmb9tPsOtKfJ+Usg
Static task: static1
Malware Config
Extracted: redline
sep10as1
185.215.113.122:15386
auth_value: e45012eae57b2e57b34752fc802550c3
Targets
Target: 81fb6b8a8d20dab5752cf390fb96bdea22b7e47136d02ec59d112bda856f0bec
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext