General
Target: 55b4e366627694ee427b20d07ab8676bc8f5c49a12f77632efa60fa4036f493f
Size: 361KB
Sample: 220925-gvt9hsded9
MD5: 597ca8b051bdc50a750575ae11d50056
SHA1: 270357b24bad33cb9f24adc55cbba6fa46d88594
SHA256: 55b4e366627694ee427b20d07ab8676bc8f5c49a12f77632efa60fa4036f493f
SHA512: 0da4ddae71fe8bf77facfb02849d3fc57452d41f8730099e41e4ef9d753ffacb562ecdbaebea86deefdd218f4655d6a3533e8e29e250756c8ecd39db9ad56e03
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
Targets
Target: 55b4e366627694ee427b20d07ab8676bc8f5c49a12f77632efa60fa4036f493f (361KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values are identical to those listed under General above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.