General
Target: e79576f3a6d147623b2d9b43ccfe70d5d3d0c914be8c8e121aa544e81f2bd3ed
Size: 361KB
Sample: 220925-g2kzeseghp
MD5: 13e55f9b0dc574c37bd3f30a0e3871c8
SHA1: 84d8ad43d25130a804ae93a1de609843f39ea638
SHA256: e79576f3a6d147623b2d9b43ccfe70d5d3d0c914be8c8e121aa544e81f2bd3ed
SHA512: d62b36517d454c88657931165beb86b9b7b125abe63d87c1d8a554cab52880b82b626e1bd90b42312ec69a0c1bab71beb02c08bc1fe069eb7017411d9761d8a5
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: e79576f3a6d147623b2d9b43ccfe70d5d3d0c914be8c8e121aa544e81f2bd3ed (361KB; MD5, SHA1, SHA512 and SSDEEP as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.