General
-
Target
684ebc86bb3615d5e89944e9f0cdeedf6c03fee99f57c4c1490034e124a801c9
-
Size
361KB
-
Sample
220925-ekh3dsdbc5
-
MD5
762effd9ff28193cd8e3f28ed4b1c677
-
SHA1
88483e0d63466ae4510de82c759499903c1a3c55
-
SHA256
684ebc86bb3615d5e89944e9f0cdeedf6c03fee99f57c4c1490034e124a801c9
-
SHA512
68662f34b6e0318615ebd10b652a5638b7788e570881de579857bfd2837bda45984f6559ce061c0174fc1fa4237131cbc1737697faecec2a4646690a0c2d59d0
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Targets
-
-
Target
684ebc86bb3615d5e89944e9f0cdeedf6c03fee99f57c4c1490034e124a801c9
-
Size
361KB
-
MD5
762effd9ff28193cd8e3f28ed4b1c677
-
SHA1
88483e0d63466ae4510de82c759499903c1a3c55
-
SHA256
684ebc86bb3615d5e89944e9f0cdeedf6c03fee99f57c4c1490034e124a801c9
-
SHA512
68662f34b6e0318615ebd10b652a5638b7788e570881de579857bfd2837bda45984f6559ce061c0174fc1fa4237131cbc1737697faecec2a4646690a0c2d59d0
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-