General
- Target: e023fcb8d7c3f3d1498f7ba57cf27d7f3c535f5ebd4ea55442c0097070ad7e4e
- Size: 361KB
- Sample: 220925-gt3jhaegfn
- MD5: a8133df0196448ef5eb30154dec346d2
- SHA1: 63e7b70e4ca9fd874b8d9dff9cfbb027d23aa6f9
- SHA256: e023fcb8d7c3f3d1498f7ba57cf27d7f3c535f5ebd4ea55442c0097070ad7e4e
- SHA512: 93386d5be1b5b5b557bdca808aeacca34706f920d1db1a0d6a599ab3044fa4469912c5d42029b4db57770e09445c46efb214bb9cff2c49a188fcbbc3ec698b47
- SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
- redline
- 0002
- 13.72.81.58:13413
- auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
- Target: e023fcb8d7c3f3d1498f7ba57cf27d7f3c535f5ebd4ea55442c0097070ad7e4e (361KB; hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.