General

Target: cd0ebf8b04923151a264e6427aa6d5f9ce2c5c26a6c614dcb8995a1276f190b7
Size: 361KB
Sample: 220925-f5wpnaddf5
MD5: a7f44978620419557cfb4e9c5095f672
SHA1: a0179c32fb193c86952ea7ee3a591b7fc95ec00d
SHA256: cd0ebf8b04923151a264e6427aa6d5f9ce2c5c26a6c614dcb8995a1276f190b7
SHA512: 29f094973f4f6b25c8240987ad810a82c265d2e35c2a4ed5879e356a2a3526bc183224d7b4879e36bcad06cfc6bdbf3f32468fd6258793489087699ede6f9b2a
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config

Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
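The extracted configuration above is only useful once it is turned into something a control can act on. The following is an added example, not code from the sandbox or from any analysis of this sample: it parses the report's own label/value layout (re-typed inline as constructed input), validates the digests, and emits a Suricata rule for the C2 endpoint. Assumptions made here and not stated on the page: the unlabeled `0002` line is read as the RedLine botnet identifier, the `sid` value and `$HOME_NET` variable are placeholders for the reader's ruleset.

```python
import ipaddress
import re

# Constructed input: the hash and config lines of the sandbox report above,
# re-typed in the report's own label/value layout so the parser runs offline.
REPORT = """\
Target
cd0ebf8b04923151a264e6427aa6d5f9ce2c5c26a6c614dcb8995a1276f190b7
-
MD5
a7f44978620419557cfb4e9c5095f672
-
SHA1
a0179c32fb193c86952ea7ee3a591b7fc95ec00d
-
SHA256
cd0ebf8b04923151a264e6427aa6d5f9ce2c5c26a6c614dcb8995a1276f190b7
-
SHA512
29f094973f4f6b25c8240987ad810a82c265d2e35c2a4ed5879e356a2a3526bc183224d7b4879e36bcad06cfc6bdbf3f32468fd6258793489087699ede6f9b2a
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-f]+$")


def _lines(text):
    return [line.strip() for line in text.splitlines() if line.strip()]


def parse_hashes(text):
    """Map each hash label to its value, rejecting wrong-length or non-hex digests."""
    lines = _lines(text)
    hashes = {}
    for i, label in enumerate(lines[:-1]):
        if label in HASH_LEN:
            value = lines[i + 1].lower()
            if len(value) != HASH_LEN[label] or not HEX.match(value):
                raise ValueError(f"malformed {label}: {value!r}")
            hashes[label] = value
    return hashes


def target_matches_sha256(text):
    """The report names the target by SHA256; confirm the SHA256 field agrees."""
    lines = _lines(text)
    target = lines[lines.index("Target") + 1].lower()
    return parse_hashes(text)["SHA256"] == target


def parse_redline_config(text):
    """Read the 'Extracted' block: family, botnet id, C2 host:port, auth_value.

    Assumption: the unlabeled line after the family name is the botnet id;
    the page itself does not label it.
    """
    lines = _lines(text)
    i = lines.index("Extracted")
    family, botnet, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
    host, port = c2.rsplit(":", 1)
    ipaddress.ip_address(host)          # raises ValueError if not a literal IP
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port {port}")
    auth = lines[lines.index("auth_value") + 1]
    return {"family": family, "botnet": botnet,
            "c2_host": host, "c2_port": port, "auth_value": auth}


def suricata_rule(cfg, sid):
    """Emit a Suricata rule for outbound TCP to the extracted C2 endpoint.
    sid is a placeholder chosen by the caller (assumption, not from the report)."""
    return (f'alert tcp $HOME_NET any -> {cfg["c2_host"]} {cfg["c2_port"]} '
            f'(msg:"{cfg["family"].upper()} C2 botnet {cfg["botnet"]}"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    cfg = parse_redline_config(REPORT)
    print(parse_hashes(REPORT))
    print(cfg)
    print(suricata_rule(cfg, 9000001))
```

A single IP:port taken from a sandbox run is a short-lived indicator; the botnet id and auth_value tend to survive when the operator rehosts the C2, so they are the better pivot when comparing configs across samples. The rule only matches traffic to this exact endpoint and says nothing about the protocol spoken on it.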
Targets
Target: cd0ebf8b04923151a264e6427aa6d5f9ce2c5c26a6c614dcb8995a1276f190b7 (361KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node and HKCU equivalents) to enumerate the software installed on the system.
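The "checks installed software" signature describes a behaviour, not an indicator, so it is worth seeing what detection on it looks like. The following is an added example, not code from the sandbox or from the RedLine family: it runs simple detection logic over constructed Process Monitor-style CSV rows (not a real capture) and flags any process that reads values under several distinct Uninstall subkeys. The threshold, the allowlist and the process names in the sample rows are assumptions for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Process Monitor-style CSV (not a real capture): one process
# walks several Uninstall subkeys the way an inventory routine does, while
# an installer and explorer.exe each touch a single entry.
SAMPLE_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:00:01.001,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,Desired Access: Read
10:00:01.002,sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,Index: 0
10:00:01.003,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS,Type: REG_SZ
10:00:01.004,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-000000000006}\DisplayName,SUCCESS,Type: REG_SZ
10:00:01.005,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName,SUCCESS,Type: REG_SZ
10:00:01.006,sample.exe,4120,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName,SUCCESS,Type: REG_SZ
10:00:01.007,sample.exe,4120,RegCloseKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,
10:00:02.100,msiexec.exe,2208,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-000000000006}\DisplayVersion,SUCCESS,Type: REG_SZ
10:00:03.250,explorer.exe,1440,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon,SUCCESS,Type: REG_SZ
"""

# Matches the per-program subkey under any of the Uninstall hives/views and
# captures the subkey name (product name or GUID).
UNINSTALL_KEY = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)(?:\\|$)",
    re.IGNORECASE,
)
READ_OPS = {"RegOpenKey", "RegQueryValue"}


def uninstall_enumerators(csv_text, min_entries=3, allowlist=frozenset({"msiexec.exe"})):
    """Return {(process, pid): [subkeys]} for processes that read from at least
    min_entries distinct Uninstall subkeys and are not allowlisted.

    min_entries and allowlist are illustrative values (assumptions), not
    figures from the report; tune them against a baseline of your own hosts.
    """
    entries = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS:
            continue
        m = UNINSTALL_KEY.match(row["Path"])
        if m:
            entries[(row["Process Name"], row["PID"])].add(m.group(1))
    return {
        proc: sorted(keys)
        for proc, keys in entries.items()
        if len(keys) >= min_entries and proc[0].lower() not in allowlist
    }


if __name__ == "__main__":
    for (name, pid), keys in uninstall_enumerators(SAMPLE_CSV).items():
        print(f"{name} (pid {pid}) enumerated {len(keys)} Uninstall entries: {keys}")
```

Two caveats apply. Registry reads are not among Sysmon's default registry events (those cover key create/delete, value set and rename), so this logic needs a source that records reads, such as Process Monitor, the ETW registry provider or an EDR sensor. And installers, update agents and software-inventory tools walk the same key legitimately, so the per-process count and the allowlist carry the signal; the key path alone does not.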