General
Target: 00f7df2a11f0ce89ba94ada896842063aa016f997540dcc33212e11370992d29
Size: 361KB
Sample: 220925-frrtjsddb8
MD5: 434b9ac31763c1587acb39d4606e8d4e
SHA1: 3ff0ec4769b05aa41093aa1036b73ade961b1ee2
SHA256: 00f7df2a11f0ce89ba94ada896842063aa016f997540dcc33212e11370992d29
SHA512: e88ec7658e8c59d160e6a69a48ad3b1aa6a56d3581e481be6640d5c77391a6718d6efe46e9c0420eebaeae03f60aa97a500391e08e30b79eac739f58a9cb9fc1
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: 00f7df2a11f0ce89ba94ada896842063aa016f997540dcc33212e11370992d29
Size: 361KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.