General
- Target: 32f3b7dbab69c087ca60af320d368c7943600c735a58a61cc0d7aa1c5d999de1
- Size: 361KB
- Sample: 220925-dydjdsdac4
- MD5: 1a4586116c54e3fbf0e4d21dea8493e4
- SHA1: 377b225231bace222eeedf249675a5c2e5a679e6
- SHA256: 32f3b7dbab69c087ca60af320d368c7943600c735a58a61cc0d7aa1c5d999de1
- SHA512: 44a6925f044db80de24f545542300f945ad88e65a46c5730b235432c8b57b4566a93b1338f2eb26f7fff37db05491b10cdf50b897c330f190924db321c632eb2
- SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
- Family: redline
- Botnet: 0002
- C2: 13.72.81.58:13413
- auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
- Target: 32f3b7dbab69c087ca60af320d368c7943600c735a58a61cc0d7aa1c5d999de1 (361KB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.