General
Target: 1b593073d027d2b637ca7194eab9683b2bc3396ff93a3fdac7440db3f06fd3b6
Size: 361KB
Sample: 220925-dwr9rsechq
MD5: c7f8b9d1a065e9d55e17b2018db3ddc5
SHA1: e74df97cd27d7c4edc70fd786ddf02897e6f5702
SHA256: 1b593073d027d2b637ca7194eab9683b2bc3396ff93a3fdac7440db3f06fd3b6
SHA512: 2f0386e2f8ce27b1538d8e6f042416a6d1115e79c61925232b9a291b31659df9669acea9b90fb2e335cca7e1669543e6573ea6fdb4e6ded94a64221ab2ae4398
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config
Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698

Targets
Target: 1b593073d027d2b637ca7194eab9683b2bc3396ff93a3fdac7440db3f06fd3b6
Size: 361KB
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.