General
Target: ceb7281c60fdfe8b9152f5b0aa3df288b6d65e9c92163fa08331ff9feb603dec
Size: 361KB
Sample: 220925-gsfncadec9
MD5: d1102c0c269f93a4c505e0d5c0f368f1
SHA1: 53719501977a849b6eb5c74e0683714c62a73c52
SHA256: ceb7281c60fdfe8b9152f5b0aa3df288b6d65e9c92163fa08331ff9feb603dec
SHA512: e61cb2c5545603a907852f1ad1199579098e3190c72b1c77b7bbafdd4d069005f40164621deadceedbf6e68de9dab1cf5916f46af7b71f11796bbcd86e64b0e6
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted: redline
0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: ceb7281c60fdfe8b9152f5b0aa3df288b6d65e9c92163fa08331ff9feb603dec (same sample as in General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.