General

Target: f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
Size: 361KB
Sample: 220925-d48aysedbr
MD5: 90061126e50affbb9725cdf73489660f
SHA1: c4250d9107c38e7c2a6b7f244b5eefe1fc8b6a6c
SHA256: f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
SHA512: e0549a1f4b0302221486e36e93050009128aeead02fdccfb6c093c9319b82eb45f7c543b2f251add1ae78a37253bc9a6a060ad17b3014d1e2b238eac3299158c
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config

Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets

Target: f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the Wow6432Node and HKCU equivalents) to enumerate the software installed on the system. Legitimate installers and inventory tools read the same keys, so on its own this is a weak indicator.
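The two indicators this report gives that are actually usable in host telemetry are the file hashes and the extracted C2 endpoint. The following is an added example, not part of the sandbox report and not RedLine code: it correlates both indicators per process over Sysmon-style events. The event lines, host names, paths and ProcessGuids are constructed for illustration; the field names follow Sysmon Event ID 1 (ProcessCreate, whose Hashes field carries MD5 and SHA256) and Event ID 3 (NetworkConnect).

```python
"""Added example for this report (not the report's own tooling and not
RedLine code): correlate the sample's file hashes and its extracted C2
endpoint 13.72.81.58:13413 over Sysmon-style events.

The events below are constructed for illustration; field names follow
Sysmon Event ID 1 (ProcessCreate, Hashes field) and Event ID 3
(NetworkConnect).
"""
import re
from collections import defaultdict

# Indicators taken from the report.
SAMPLE_MD5 = "90061126e50affbb9725cdf73489660f"
SAMPLE_SHA256 = "f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add"
C2_IP = "13.72.81.58"
C2_PORT = "13413"

# Constructed events. Paths and ProcessGuids are hypothetical; the all-zero
# hashes on the svchost line are placeholders, not real hashes.
SAMPLE_EVENTS = """\
EventID=1 ProcessGuid={A1} Image=C:\\Users\\u\\Downloads\\invoice.exe Hashes=MD5=90061126e50affbb9725cdf73489660f,SHA256=f52c60da486d049243ace350fb7f0d16578550afb503b1c4bab7279207470add
EventID=1 ProcessGuid={B2} Image=C:\\Windows\\System32\\svchost.exe Hashes=MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000
EventID=3 ProcessGuid={A1} Image=C:\\Users\\u\\Downloads\\invoice.exe DestinationIp=13.72.81.58 DestinationPort=13413
EventID=3 ProcessGuid={B2} Image=C:\\Windows\\System32\\svchost.exe DestinationIp=13.107.4.50 DestinationPort=80
EventID=3 ProcessGuid={C3} Image=C:\\Windows\\Temp\\x.exe DestinationIp=13.72.81.58 DestinationPort=13413
"""


def parse_event(line):
    """Turn one 'Key=Value Key=Value ...' line into a dict.

    Sysmon writes Hashes as 'MD5=...,SHA256=...'; that field is split into
    its own dict so individual algorithms can be compared.
    """
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    if "Hashes" in fields:
        fields["Hashes"] = dict(part.split("=", 1) for part in fields["Hashes"].split(","))
    return fields


def match_indicators(log_text):
    """Map ProcessGuid -> list of report indicators that process matched.

    'hash' means the created process image is this exact sample (MD5 or
    SHA256 match); 'c2' means a connection to the extracted IP *and* port.
    IP and port are required together: a bare IP match is too weak for a
    cloud-hosted address that may be reassigned.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_event(line)
        guid = ev.get("ProcessGuid")
        if ev.get("EventID") == "1":
            h = ev.get("Hashes", {})
            if (h.get("SHA256", "").lower() == SAMPLE_SHA256
                    or h.get("MD5", "").lower() == SAMPLE_MD5):
                hits[guid].append("hash")
        elif ev.get("EventID") == "3":
            if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
                hits[guid].append("c2")
    return dict(hits)


def classify(hits):
    """Split matches into (confirmed, c2_only).

    confirmed: this exact file ran and talked to the C2.
    c2_only:   a different file used the same infrastructure, which is
               worth a look even though its hash is not in the report.
    """
    confirmed = sorted(g for g, r in hits.items() if "hash" in r and "c2" in r)
    c2_only = sorted(g for g, r in hits.items() if r == ["c2"])
    return confirmed, c2_only


if __name__ == "__main__":
    found = match_indicators(SAMPLE_EVENTS)
    confirmed, c2_only = classify(found)
    print("confirmed sample:", confirmed)
    print("same C2, other image:", c2_only)
```

Two caveats when applying this to real telemetry. Sysmon records registry create, set, delete and rename (Event IDs 12 to 14) but not reads, so the Uninstall-key enumeration the report lists is not visible there without Windows object-access auditing on those keys; the C2 connection and the image hash are the indicators to hunt on. Second, a hash match pins down this exact file only; a C2-only match (the `{C3}` case above) is how a repacked build of the same campaign would show up.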