General
Target: 307ba192e5f724b64ed463abb6b2bb2658c05c5f978a260f2d39a62ee61f3019
Size: 361KB
Sample: 220925-dsyblsdaa8
MD5: 20bcb43feb96a5761c64b0bb46f62813
SHA1: ad6e3e1b6e5ad5f2eb67e87cab511952807a04a9
SHA256: 307ba192e5f724b64ed463abb6b2bb2658c05c5f978a260f2d39a62ee61f3019
SHA512: c657e874b11f36d742723fd31ea636d466c06173311e7583a1c6ac6c15a1957d3ea94b8fc80094c668de8128d7e04f322fd5625cef1059989479e36a79c0f7f7
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.