General
- Target: 2fa4c31c1f88fee5bd2c4e65f711e9b022455df8be0695cc440f9d38f394d056
- Size: 361KB
- Sample: 220925-dyyvbsdac5
- MD5: 91f6db82c23f3b79eda5ac03f733a7c8
- SHA1: 9f52a82147705d49c377596b4c4f4fbe32621df8
- SHA256: 2fa4c31c1f88fee5bd2c4e65f711e9b022455df8be0695cc440f9d38f394d056
- SHA512: c183b5b7848a9db791ea30da4d0830033e2c859d8e9c5913fb0d27b9e3729c7a366782f066df00648e78121d9e736e95a7c674bcff8412a9d6c5661420d7ec14
- SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
- redline
- 0002
- 13.72.81.58:13413
- auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.