General
Target: f91b0471d5a12bbf49fbf1da1278cb57810d472e93a3f201e4cdc5f2040cca09
Size: 214KB
Sample: 220913-jpq11saggr
MD5: bb97a5fc62eb5dc111ca0b7136575d79
SHA1: 44e4046e45b7a3b01bf21b8b309a019123108a78
SHA256: f91b0471d5a12bbf49fbf1da1278cb57810d472e93a3f201e4cdc5f2040cca09
SHA512: c427975760d2f22f1886edb8acfcf3168ad607e0e8ec60b181de47113321cef4542b24bbc03ce434c529b540e3b3d6f679fc48a5f1245e98a216b9eb340ae4c2
SSDEEP: 3072:QKyoWw9CEqQYhBjzmPY9Eo0LuP8GcaLdibSgUzwJxjqsChsq9iBo0ZXt9:QBjzmPY9j0TbTUcJVqsCeq9iBoCXt9
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: sep10as1
C2: 185.215.113.122:15386
auth_value: e45012eae57b2e57b34752fc802550c3
Targets
Target: f91b0471d5a12bbf49fbf1da1278cb57810d472e93a3f201e4cdc5f2040cca09 (same file as above; size and hashes as listed under General)
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext