General
Target: 964d1ec82085349a5d1a6a5c8c53b3f11bd14ccc3da60f42e8f9339645e76a9b
Size: 361KB
Sample: 220925-gbzpwsegbk
MD5: ba3d4d18dfc614e8a88d5f0d33c4cb97
SHA1: 131fd718c4a59ca415db7bdd613f70972e3f3611
SHA256: 964d1ec82085349a5d1a6a5c8c53b3f11bd14ccc3da60f42e8f9339645e76a9b
SHA512: 1d45a6a777cface5fb95f57df4620b0a0ebf515047ca4d70ca94a3300b5de7903c66a5fcd22110b77085967f0d059f5ebce751136ae680e73287ed3422922247
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.