General
Target: 90a24e5b6d0e038baff37e1f450e07ca6ccce0224cad76414a2ba719f107d66d
Size: 361KB
Sample: 220925-dth83sechk
MD5: 35ff2455b183311dd4257ae7196fdb3f
SHA1: 9efac31dc5e94959a6c0d35654fca475d2b834f9
SHA256: 90a24e5b6d0e038baff37e1f450e07ca6ccce0224cad76414a2ba719f107d66d
SHA512: 96d8436068503ffa0a2981d04a295525d9df796a904e5f3496427f41d3e6128f85382a4f36526def50a053f00324040bd134a0dbb5b56b2e3dd508197d6025c7
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.