General

Target: 98bfdb85b8deb452cd66984cef7fd2258155f970b0dca9e7e4840a232fc581dc
Size: 361KB
Sample: 220925-fq3vesefel
MD5: b295d61f35b0cce2b9674fcfec8e5efa
SHA1: 4cb0f15a6e1e776c40f8b64f1df07e867be3aa90
SHA256: 98bfdb85b8deb452cd66984cef7fd2258155f970b0dca9e7e4840a232fc581dc
SHA512: 787a263fcc27ed2dbdb96a45a48029a939b0ced136bbfe32d6504f00c54754e4fb56b04787427803a434c216ee282627f32be8656d8a19250af0ebb683c982c0
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config

Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
Attributes
auth_value: 866ce0ed8cfe2be77fb43a4912677698
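The extracted config and the file hashes in General are the indicators a responder actually hunts with. The block below is an added example, not code from the sandbox or from this report: it copies the C2 endpoint, auth_value and hashes from the report and runs them over a constructed Zeek-style conn.log excerpt, a constructed EDR file inventory and a constructed memory blob. The "high"/"medium" confidence tiers are this example's own convention.

```python
"""IOC matching for the RedLine config and hashes in this report.

Added example; not code from the sandbox or the report's author.
Indicator values are copied from the report. The conn.log lines,
the file inventory and the memory blob are constructed for illustration.
"""
import hashlib

# --- indicators copied from the report -----------------------------------
C2_HOST = "13.72.81.58"
C2_PORT = 13413
AUTH_VALUE = "866ce0ed8cfe2be77fb43a4912677698"
SAMPLE_HASHES = {
    "md5": "b295d61f35b0cce2b9674fcfec8e5efa",
    "sha1": "4cb0f15a6e1e776c40f8b64f1df07e867be3aa90",
    "sha256": "98bfdb85b8deb452cd66984cef7fd2258155f970b0dca9e7e4840a232fc581dc",
}

# --- constructed inputs ----------------------------------------------------
# Zeek-style conn.log subset: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1663924800.10\tCa1\t10.0.0.5\t49712\t13.72.81.58\t13413\ttcp
1663924801.20\tCa2\t10.0.0.5\t49713\t93.184.216.34\t443\ttcp
1663924802.30\tCa3\t10.0.0.7\t52100\t13.72.81.58\t80\ttcp
1663924803.40\tCa4\t10.0.0.9\t52101\t13.72.81.59\t13413\ttcp
"""

# Constructed EDR file inventory: host, path, sha256 (inventories often carry one hash type only)
FILE_INVENTORY = [
    ("WS01", r"C:\Users\a\AppData\Local\Temp\setup.exe", SAMPLE_HASHES["sha256"]),
    ("WS02", r"C:\Windows\System32\notepad.exe", "aa" * 32),
]

# Constructed "memory dump": padding, then the auth_value as a .NET (UTF-16LE) string.
MEM_DUMP = b"\x00" * 64 + AUTH_VALUE.encode("utf-16-le") + b"\x00" * 16


def match_c2(conn_log: str):
    """Return (uid, src, confidence) for each flow to the C2 host.

    host+port is high confidence; host alone is medium, because operators
    commonly change the port between builds while the address persists.
    """
    hits = []
    for line in conn_log.splitlines():
        if line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = f[:7]
        if dst != C2_HOST:
            continue
        conf = "high" if int(dport) == C2_PORT else "medium"
        hits.append((uid, src, conf))
    return hits


def match_hashes(inventory):
    """Match inventory rows on whichever digest algorithm their hash length implies."""
    matches = []
    for host, path, digest in inventory:
        digest = digest.lower()
        algo = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(digest))
        if algo and SAMPLE_HASHES[algo] == digest:
            matches.append((host, path, algo))
    return matches


def hashes_of(data: bytes):
    """Compute the three digests the report lists, for a file not yet inventoried."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def find_auth_value(blob: bytes):
    """Locate auth_value in a process or memory dump.

    The sample is .NET, so a decrypted config string sits in memory as
    UTF-16LE; an ASCII-only search would miss it. Returns (encoding, offset).
    """
    found = []
    for enc in ("ascii", "utf-16-le"):
        off = blob.find(AUTH_VALUE.encode(enc))
        if off != -1:
            found.append((enc, off))
    return found


if __name__ == "__main__":
    print("C2 flows:", match_c2(CONN_LOG))
    print("hash matches:", match_hashes(FILE_INVENTORY))
    print("auth_value in dump:", find_auth_value(MEM_DUMP))
```

Against the constructed inputs, match_c2 flags the flow to 13.72.81.58:13413 as high and the flow to the same address on port 80 as medium, the inventory row carrying the sample's SHA256 is matched, and auth_value is found only in its UTF-16LE form at offset 64.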
Targets

Target: 98bfdb85b8deb452cd66984cef7fd2258155f970b0dca9e7e4840a232fc581dc
RedLine
RedLine Stealer is an information stealer written in C# (.NET), first observed in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and, on 64-bit Windows, the WOW6432Node counterpart) to enumerate software on the system. These are read-only queries, which Sysmon does not record (its registry events 12, 13 and 14 cover key creation and deletion, value writes and renames), so this behaviour is visible in the sandbox API trace rather than in standard host telemetry.