General
Target: 759fece37a19404e2ac7068654e2e1bb2ab31df26f805ee869f5f88e2a554f23
Size: 361KB
Sample: 220925-fxy5taeffm
MD5: 1f1ed2757cfa4058e25ca0e31e2b3106
SHA1: 9d09e472254c8763fde8d9b8bf82ee4e945b99a2
SHA256: 759fece37a19404e2ac7068654e2e1bb2ab31df26f805ee869f5f88e2a554f23
SHA512: 5b71e5162aea1eaf3c2b9d30b1e9688a4071ab7d2cade0c013bd05663482469ca039fcf5cbe1d61f39edfe54864c7fce09959fb45eff082b38c707bef4bcdcd6
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: 759fece37a19404e2ac7068654e2e1bb2ab31df26f805ee869f5f88e2a554f23
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.