General
- Target: 4864bbe14a2f492de273302d50843e1ed3d0943e481573e0628f3db7875c9c58
- Size: 361KB
- Sample: 220925-d11fyaedaq
- MD5: 8bf388d3812d29bdb3c7fdecdaa81898
- SHA1: 67db0cb653c1b4729d38df7f8954fb2d1d574586
- SHA256: 4864bbe14a2f492de273302d50843e1ed3d0943e481573e0628f3db7875c9c58
- SHA512: f1db4db04452446af9bc5d8d3454fa18340bbe43a56bbf585b3d1e16d39ac26cc38eb47644662c7f79cc84b48e850e4cf9aea356288901f7c6e8ec38166dd52f
- SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
- Family: redline
- 0002
- 13.72.81.58:13413
- auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.