General

Target: 701fbd2f121d44c0c801715a8dd3ccc00d61d19ebea2e6faeb0adf41b6979a41
Size: 361KB
Sample: 220925-gr5abadec8
MD5: 9b997ddb7d9bec646ba9368e87090538
SHA1: 3f4c9852a3eba890de36414ef75cde0716477ac8
SHA256: 701fbd2f121d44c0c801715a8dd3ccc00d61d19ebea2e6faeb0adf41b6979a41
SHA512: ec668bfece6b68dc98716f8e470824afc20860ec75060151d9c18474af19d84d81bfeacbb4479e334af36ac0c547d9e4dc53e592ef4279089ff438270a264166
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config

Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
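The extracted C2 endpoint is the most directly actionable indicator in the report. As an added example (not part of the sandbox report, and not the report's own tooling), the script below takes the C2 value from the config above and hunts for it in Zeek conn.log records; the conn.log lines are constructed for the demonstration and do not come from a real capture. A `port_only` mode is included because RedLine operators rotate C2 addresses more often than ports; treat port-only matches as hunting leads, not as block-list entries.

```python
"""Hunt for the extracted RedLine C2 endpoint in Zeek conn.log records.

Added example, not part of the sandbox report. The C2 value comes from the
report's extracted config; the conn.log lines below are constructed for the
demonstration and do not come from any real capture.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Extracted from the report's Malware Config section.
REDLINE_C2 = "13.72.81.58:13413"


@dataclass(frozen=True)
class C2:
    ip: ipaddress.IPv4Address | ipaddress.IPv6Address
    port: int


def parse_c2(value: str) -> C2:
    """Parse an "ip:port" C2 string, validating both halves."""
    host, _, port = value.rpartition(":")
    ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in C2 value: {value!r}")
    return C2(ip, port_num)


# Leading Zeek conn.log columns (tab separated); only these are needed here.
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]


def find_c2_connections(conn_log: str, c2: C2, port_only: bool = False):
    """Return (ts, src, dst, dport) for every conn.log line that reaches the C2.

    With port_only=True the destination IP is ignored, which catches the same
    operator after the C2 address is rotated but the port is kept. Use that
    mode for hunting, not for blocking: the port alone is weak evidence.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # Zeek header/comment lines
            continue
        cols = line.split("\t")
        if len(cols) < len(CONN_FIELDS):
            continue
        rec = dict(zip(CONN_FIELDS, cols))
        try:
            dst = ipaddress.ip_address(rec["id.resp_h"])
            dport = int(rec["id.resp_p"])
        except ValueError:
            continue  # malformed record, skip rather than crash the hunt
        if dport == c2.port and (port_only or dst == c2.ip):
            hits.append((rec["ts"], rec["id.orig_h"], str(dst), dport))
    return hits


# Constructed sample log: two benign flows, one C2 contact, and one flow to the
# same port on an unrelated host (only matched in port_only mode).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1663917000.10\tCabc1\t10.0.0.5\t51234\t142.250.74.46\t443\ttcp
1663917002.55\tCabc2\t10.0.0.5\t51235\t13.72.81.58\t13413\ttcp
1663917003.00\tCabc3\t10.0.0.9\t51236\t10.0.0.1\t53\tudp
1663917010.20\tCabc4\t10.0.0.7\t51240\t203.0.113.8\t13413\ttcp
"""

if __name__ == "__main__":
    c2 = parse_c2(REDLINE_C2)
    for hit in find_c2_connections(SAMPLE_CONN_LOG, c2):
        print("C2 contact:", hit)
```

Before blocking the address outright, check its current ownership with whois; an IP:port C2 for a commodity stealer is often a short-lived cloud or VPS host, so the port and the `auth_value` are the more durable pivots for clustering samples from the same campaign.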
Targets

Target: 701fbd2f121d44c0c801715a8dd3ccc00d61d19ebea2e6faeb0adf41b6979a41
Size: 361KB
MD5: 9b997ddb7d9bec646ba9368e87090538
SHA1: 3f4c9852a3eba890de36414ef75cde0716477ac8
SHA256: 701fbd2f121d44c0c801715a8dd3ccc00d61d19ebea2e6faeb0adf41b6979a41
SHA512: ec668bfece6b68dc98716f8e470824afc20860ec75060151d9c18474af19d84d81bfeacbb4479e334af36ac0c547d9e4dc53e592ef4279089ff438270a264166
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
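Registry reads of the Uninstall keys are easy to miss on an endpoint: Sysmon does not record registry reads at all (its events 12, 13 and 14 cover key create/delete, value set and rename), so this behaviour only surfaces if the "Audit Registry" subcategory is enabled and a SACL auditing Query Value / Enumerate Subkeys is set on the Uninstall keys, after which each read produces Security event 4663. As an added example (not part of the sandbox report), the script below scans 4663 records in the XML layout that `wevtutil qe Security /f:xml` emits and flags Uninstall-key reads by processes outside an allowlist. The event records are constructed for the demonstration, the `<Events>` wrapper element is an assumption added so the records parse as one document, and the process allowlist is an assumption to tune per estate.

```python
"""Flag registry reads of the Uninstall keys by unexpected processes.

Added example, not from the sandbox report. Requires "Audit Registry" plus a
SACL on the Uninstall keys so reads produce Security event 4663; Sysmon alone
does not log registry reads. The XML records below follow the layout of
`wevtutil qe Security /f:xml` output but are constructed for the demonstration
(the <Events> wrapper is an assumption so they parse as a single document).
"""
import xml.etree.ElementTree as ET

# Windows event schema namespace used by every Security event record.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed allowlist of processes that legitimately walk Uninstall keys.
ALLOWED_PROCESSES = {
    r"c:\windows\explorer.exe",
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\system32\control.exe",
}


def is_uninstall_key(object_name: str) -> bool:
    """True for HKLM/HKCU ...\\CurrentVersion\\Uninstall (and its subkeys) as
    written in 4663 ObjectName fields, i.e. with the \\REGISTRY\\ prefix."""
    name = object_name.upper()
    return name.startswith("\\REGISTRY\\") and "\\CURRENTVERSION\\UNINSTALL" in name


def _event_data(event):
    """Collect the <Data Name=...> children of one event into a dict."""
    return {d.get("Name"): (d.text or "") for d in event.findall("e:EventData/e:Data", NS)}


def suspicious_uninstall_reads(xml_text: str, allowed=ALLOWED_PROCESSES):
    """Return (process, object_name) for every 4663 event where a process
    outside the allowlist touched an Uninstall registry key."""
    root = ET.fromstring(xml_text)
    findings = []
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4663":
            continue
        data = _event_data(ev)
        if data.get("ObjectType") != "Key":  # 4663 also covers files, pipes, etc.
            continue
        if not is_uninstall_key(data.get("ObjectName", "")):
            continue
        proc = data.get("ProcessName", "").lower()
        if proc in allowed:
            continue
        findings.append((proc, data["ObjectName"]))
    return findings


# Constructed records: an allowlisted read, an Uninstall read from a process
# dropped in %TEMP%, a read of an unrelated key, and a non-4663 event.
SAMPLE_EVENTS = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <Event>
    <System><EventID>4663</EventID><Channel>Security</Channel></System>
    <EventData>
      <Data Name="ObjectType">Key</Data>
      <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</Data>
      <Data Name="ProcessName">C:\Windows\explorer.exe</Data>
      <Data Name="AccessMask">0x1</Data>
    </EventData>
  </Event>
  <Event>
    <System><EventID>4663</EventID><Channel>Security</Channel></System>
    <EventData>
      <Data Name="ObjectType">Key</Data>
      <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall</Data>
      <Data Name="ProcessName">C:\Users\victim\AppData\Local\Temp\setup.exe</Data>
      <Data Name="AccessMask">0x9</Data>
    </EventData>
  </Event>
  <Event>
    <System><EventID>4663</EventID><Channel>Security</Channel></System>
    <EventData>
      <Data Name="ObjectType">Key</Data>
      <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</Data>
      <Data Name="ProcessName">C:\Users\victim\AppData\Local\Temp\setup.exe</Data>
      <Data Name="AccessMask">0x1</Data>
    </EventData>
  </Event>
  <Event>
    <System><EventID>4656</EventID><Channel>Security</Channel></System>
    <EventData>
      <Data Name="ObjectType">Key</Data>
      <Data Name="ObjectName">\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall</Data>
      <Data Name="ProcessName">C:\Users\victim\AppData\Local\Temp\setup.exe</Data>
    </EventData>
  </Event>
</Events>
"""

if __name__ == "__main__":
    for proc, key in suspicious_uninstall_reads(SAMPLE_EVENTS):
        print(f"Uninstall-key read by {proc}: {key}")
```

Tune the allowlist against a baseline first: inventory agents, installers and the Settings app all enumerate these keys legitimately, and an over-broad SACL on the Uninstall hive can generate a lot of 4663 noise on busy hosts, so scope the audit entry to Query Value and Enumerate Subkeys rather than full control.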