General
- Target: e10edbe876f7cf994bb75ff1c3f0bb1b69007aab442389e26f429229a9bdc30e
- Size: 287KB
- Sample: 220913-wtl9vacbap
- MD5: f6622446dc2a990f3a55f36c4e30e539
- SHA1: 260658a8bb2302d5c4fbba61931aab985f6a8d0e
- SHA256: e10edbe876f7cf994bb75ff1c3f0bb1b69007aab442389e26f429229a9bdc30e
- SHA512: 2564f225b36870ebdb56cfee83b64bbd113074b298d7a19904f1d0b8987e3ed3a1d3e413beb7c3b3562ef2d4695cf78095333f708bb06e8f624a4ce8c2cf3654
- SSDEEP: 6144:KptKKMUvYGxwLBjzPrZGY4gMezKX69fr7OneMA:8cnYYGGN4ngMezEeD
Static task: static1

Malware Config (Extracted)
- redline
- sep10as1
- 185.215.113.122:15386
- auth_value: e45012eae57b2e57b34752fc802550c3
Targets
- Target: e10edbe876f7cf994bb75ff1c3f0bb1b69007aab442389e26f429229a9bdc30e (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext