General
Target: 6ed5a97b3f971ce2831bbe20d620fb48496e9d25972b00c276e83007264b4cfc
Size: 361KB
Sample: 220925-gelbnsegck
MD5: fdab7e215a90ba7ef46987358a423751
SHA1: 0e63ac66badb1d7379b6b1df408df4bbd304a930
SHA256: 6ed5a97b3f971ce2831bbe20d620fb48496e9d25972b00c276e83007264b4cfc
SHA512: f4f417fdcc03fa8e63efe4b8d7b7f4e10492027427e1826ea4d544a4c63e3126021cd536697d60a4e7cb01128c22d902088aa45b08c8471b1e6b88f63f562843
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.