General
Target: 70138ff1c2b594df5e34b175f67b1187245948e389d4b4076bebd742457fa48c
Size: 361KB
Sample: 220925-gg788adea7
MD5: 8355a1f3883ce0bb4076d3b9c5a0522a
SHA1: c4e6d047aa2d24ff8f15ca210474ea68651189d9
SHA256: 70138ff1c2b594df5e34b175f67b1187245948e389d4b4076bebd742457fa48c
SHA512: ac82db16ea6ef27cbb969435c524965007bc2af7d774194172949132607e872756e344bfc00078208e982071276e36a58fd84fa9659be34ed3ebf732934e3c4b
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config
Extracted
redline
0002
13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698

Targets
Target: 70138ff1c2b594df5e34b175f67b1187245948e389d4b4076bebd742457fa48c
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.