General
Target: b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9
Size: 361KB
Sample: 220925-ebapnadag8
MD5: 89e4eb90b899082316ddf4dc4c478217
SHA1: 8420849ae27e6985dd1a97833a20283c9838ba67
SHA256: b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9
SHA512: a58eff777c1bea40fefb47396e9974b5bf2f5c09e76940e43dce1898bdd6cd0573d632d58136b2059e2291d7edfe81d3cfb4d8b146645af6399a336ecb100bce
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9
Size: 361KB
MD5: 89e4eb90b899082316ddf4dc4c478217
SHA1: 8420849ae27e6985dd1a97833a20283c9838ba67
SHA256: b17a8d0aba2a3e3a91dca43b68502c1ed99355e9bf737dd9a5cccd5e60c227d9
SHA512: a58eff777c1bea40fefb47396e9974b5bf2f5c09e76940e43dce1898bdd6cd0573d632d58136b2059e2291d7edfe81d3cfb4d8b146645af6399a336ecb100bce
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.