General
- Target: 3fead61b64db9469b091bb61ec3b667efc0646f041c3399e15d2d09f505a2554
- Size: 361KB
- Sample: 220925-glm4vadeb4
- MD5: 1c3f1befe24ae922b85d9f803648fee9
- SHA1: 3177ba707ccec2ca2eef3e422a65b4a8e655ebc6
- SHA256: 3fead61b64db9469b091bb61ec3b667efc0646f041c3399e15d2d09f505a2554
- SHA512: ff21826426481a7a2914152533cea31fcf65eadc50dc84b25aba1de126886c4e06d9c10b97c2a5ec27d990b82796d3771f1010dd7f7566d110f3b4322a9c8d5e
- SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config
Extracted
- redline
- 0002
- 13.72.81.58:13413
- auth_value: 866ce0ed8cfe2be77fb43a4912677698
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.