General
Target: eba9e26d8413453c29e2aeab22800784232def3869f623badc120e781dec6c77
Size: 361KB
Sample: 220925-f6fd3addf7
MD5: ed4c4bcb364c58b473d1f1e57c1f62c4
SHA1: 951623e8a45a95ac763535729a8fc1b272cf39e8
SHA256: eba9e26d8413453c29e2aeab22800784232def3869f623badc120e781dec6c77
SHA512: 2ea9dd8fbcc6c773bec93e6afef4f98bd9f538cdf75d9be07a69d21206b973588cc32e0829eff72c6b73c8a2d2f780143b6a5d4846919448f7d9902bc8f3690b
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  - Looks up Uninstall key entries in the registry to enumerate software on the system.