General
Target: 6f03bdad8917f0c792e7696e062a2891f31c293ddae34dcebb468311013e00e5
Size: 361KB
Sample: 220925-ftwwaaddc8
MD5: bd6f93fab40346e8121575578a4e36dd
SHA1: 106a58ad1323c2939e57ebf452355dd1c28dc63b
SHA256: 6f03bdad8917f0c792e7696e062a2891f31c293ddae34dcebb468311013e00e5
SHA512: 3c122222ab7978d0ca13db1a491357e65b7a6842d5606abdd94eb82c6f3692b30329d56da6464425750658714f0a254b471d5de8239e03bb8e19f009037e580c
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: 6f03bdad8917f0c792e7696e062a2891f31c293ddae34dcebb468311013e00e5 (hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.