General
Target: 818bdb026145c4b64943a915d537d06012079bb38e0b76aec5f1d97485c9221e
Size: 361KB
Sample: 220925-fxl59addd6
MD5: 3490bd4e7b51344ce79655d7f8572310
SHA1: 3cc219bb439455b37069a4a02f1604082cf8d24a
SHA256: 818bdb026145c4b64943a915d537d06012079bb38e0b76aec5f1d97485c9221e
SHA512: bae6757419fd98e86b066084b6f86617f0ad2180bbb2f0a0e6ed454b9c70d56d9b0a5d01b0c3b397ebf2670a566d65cf6779fa40821fbb57ba40ab920ab386be
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.