General

Target: 86331b79cf5f678b4585cd545e667ec711e96bd9f52e5291dea4ee1b0da92abe
Size: 361KB
Sample: 220925-d2vl3sdad2
MD5: ffc00b281b2604ffe35726838a9fa2ef
SHA1: 0222f08011bd49ec74b3095e49da92e4d33b398a
SHA256: 86331b79cf5f678b4585cd545e667ec711e96bd9f52e5291dea4ee1b0da92abe
SHA512: fcdf769a4cf2c831f1f4e06a2396259eaa1b953211f1fe2b596129e2d6e06050d450e1db86ecfe071850895fc019eef661d8576d892b030c9cb11de6dfc168bb
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config

Extracted
Family: redline
0002
C2 (host:port): 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.