General

Target: b1176ee2cb12d09ca89ee1cd4d07ed5dfafcea330b1b80d0a9dda74ae90227f5
Size: 361KB
Sample: 220925-gwtz5seggj
MD5: 4744976518816adf7deeb4c3fdd051ab
SHA1: 8ecbe09479864a7f55ef6a56bc5d14ba42d8e55a
SHA256: b1176ee2cb12d09ca89ee1cd4d07ed5dfafcea330b1b80d0a9dda74ae90227f5
SHA512: 902c48dc8afaf9b72eff4992e3cf14e0aa1d05acdf8d620cac5b52a3769665d07c03749dbf8195d7fbc9d6420511b85cbbc1c9bd0078314797fe18af7e2a7d39
SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config

Extracted
Family: redline
Botnet: 0002
C2: 13.72.81.58:13413
auth_value: 866ce0ed8cfe2be77fb43a4912677698
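The hashes under General and the C2 endpoint in the extracted config are the report's only host and network indicators. The script below is an added example, not part of the sandbox report: it matches those indicators against constructed, Sysmon-style process-create and network-connect log lines. The indicator values are the report's; the key=value log format and the sample lines are assumptions made for the example.

```python
"""IOC matching for the RedLine sample described above. Added example, not
part of the sandbox report: the indicators come from the report, the log
format and the log lines are constructed (modelled on flattened Sysmon
events: EventID 1 = process create, EventID 3 = network connect)."""
import re

# File hashes and C2 endpoint taken from the report.
IOC_HASHES = {
    "md5": "4744976518816adf7deeb4c3fdd051ab",
    "sha1": "8ecbe09479864a7f55ef6a56bc5d14ba42d8e55a",
    "sha256": "b1176ee2cb12d09ca89ee1cd4d07ed5dfafcea330b1b80d0a9dda74ae90227f5",
}
IOC_C2_IP, IOC_C2_PORT = "13.72.81.58", 13413

# Constructed sample telemetry (not real data). Paths are kept free of
# spaces so the toy key=value parser below stays simple.
SAMPLE_LOG = """\
EventID=1 Image=C:\\Users\\bob\\Downloads\\invoice.exe Hashes=MD5=4744976518816ADF7DEEB4C3FDD051AB,SHA256=B1176EE2CB12D09CA89EE1CD4D07ED5DFAFCEA330B1B80D0A9DDA74AE90227F5
EventID=3 Image=C:\\Users\\bob\\Downloads\\invoice.exe DestinationIp=13.72.81.58 DestinationPort=13413 Protocol=tcp
EventID=3 Image=C:\\Windows\\explorer.exe DestinationIp=13.72.81.58 DestinationPort=443 Protocol=tcp
EventID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=MD5=00000000000000000000000000000000
EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=10.0.0.5 DestinationPort=13413 Protocol=tcp
"""

_FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one 'key=value key=value ...' line into a dict of raw strings.
    The Hashes value contains '=' and ',' itself; \\S+ keeps it whole."""
    return dict(_FIELD_RE.findall(line))


def parse_hashes(field):
    """Sysmon writes Hashes as 'MD5=...,SHA256=...'; normalise to lowercase."""
    out = {}
    for part in field.split(","):
        alg, _, value = part.partition("=")
        if value:
            out[alg.lower()] = value.lower()
    return out


def scan(log_text):
    """Return (line_no, kind, detail) for every line matching an indicator."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        ev = parse_event(line)
        if ev.get("EventID") == "1" and "Hashes" in ev:
            for alg, value in parse_hashes(ev["Hashes"]).items():
                if IOC_HASHES.get(alg) == value:
                    hits.append((line_no, "hash", f"{alg}:{value}"))
                    break  # one hit per process-create event is enough
        elif ev.get("EventID") == "3":
            ip = ev.get("DestinationIp")
            port = int(ev.get("DestinationPort", "0"))
            if ip == IOC_C2_IP and port == IOC_C2_PORT:
                hits.append((line_no, "c2", f"{ip}:{port}"))
            elif ip == IOC_C2_IP:
                # Same host, other port: the address may be shared or re-used
                # infrastructure, so report it separately as a weaker signal.
                hits.append((line_no, "c2-ip-only", f"{ip}:{port}"))
            # A port-only match (line 5 of the sample) is not an indicator.
    return hits


if __name__ == "__main__":
    for line_no, kind, detail in scan(SAMPLE_LOG):
        print(f"line {line_no}: {kind} {detail}")
```

A match on both host and port is the strong signal. An IP-only match is reported as a separate, weaker kind because the address may be shared or reused hosting, and a port-only match is not reported at all; hash matching is case-insensitive because Sysmon emits uppercase hex while the report lists lowercase.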
Targets

Target: b1176ee2cb12d09ca89ee1cd4d07ed5dfafcea330b1b80d0a9dda74ae90227f5 (the submitted file; size and hashes are as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first seen in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
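To show what the "Checks installed software" signature refers to, the following added example (not code from the report, and not RedLine's own code) walks Uninstall key entries the way an inventory of installed software is built. It parses a constructed .reg export of the standard Uninstall locations (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) rather than the live registry, so it runs offline on any platform; on a Windows host the same walk would use the winreg module. The export text, product names and GUIDs are constructed.

```python
"""Offline reconstruction of the 'Checks installed software' behaviour:
enumerate Uninstall key entries from a .reg export. Added example; not code
from the sandbox report or from RedLine. The export below is constructed."""
import re

# The three standard locations of Uninstall entries on Windows.
UNINSTALL_ROOTS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Constructed .reg export (not from a real host). Note the entry with
# SystemComponent=1 and the one without a DisplayName: Programs and Features
# hides both, but they are still present in the registry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example Suite"
"DisplayVersion"="3.1.0"
"Publisher"="Example Corp"
"InstallLocation"="C:\\Program Files\\Example Suite\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SampleArchiver]
"DisplayName"="Sample Archiver 2.0 (x86)"
"DisplayVersion"="2.0"
"Publisher"="Sample Tools"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAAAAAA-0000-0000-0000-000000000001}]
"DisplayName"="Runtime Component"
"DisplayVersion"="1.0"
"SystemComponent"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Unrelated]
"SomeValue"="no DisplayName here"

[HKEY_LOCAL_MACHINE\SOFTWARE\Unrelated\Key]
"DisplayName"="Should be ignored"
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text):
    """Return [(key_path, {value_name: value}), ...] for a .reg export.
    Only string (REG_SZ) and dword values are handled; others are skipped."""
    keys = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = (m.group(1), {})
            keys.append(current)
            continue
        if current is None:
            continue
        m = _STR_RE.match(line)
        if m:
            # .reg escapes backslash and double quote with a backslash.
            current[1][m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
            continue
        m = _DWORD_RE.match(line)
        if m:
            current[1][m.group(1)] = int(m.group(2), 16)
    return keys


def enumerate_uninstall(text, include_hidden=False):
    """Build the software inventory from Uninstall entries in the export.
    include_hidden=False mimics Programs and Features, which skips entries
    with no DisplayName or with SystemComponent=1; include_hidden=True is
    the view a program reading the raw keys gets."""
    records = []
    for path, values in parse_reg(text):
        parent, _, subkey = path.rpartition("\\")
        if parent not in UNINSTALL_ROOTS:
            continue
        name = values.get("DisplayName")
        hidden = not name or values.get("SystemComponent") == 1
        if hidden and not include_hidden:
            continue
        records.append({
            "subkey": subkey,
            "name": name,
            "version": values.get("DisplayVersion"),
            "publisher": values.get("Publisher"),
            "location": values.get("InstallLocation"),
            "hive": "HKCU" if path.startswith("HKEY_CURRENT_USER") else "HKLM",
            "wow64": "\\WOW6432Node\\" in path,
        })
    return records


if __name__ == "__main__":
    for r in enumerate_uninstall(SAMPLE_REG, include_hidden=True):
        print(f"{r['hive']}{' (WOW64)' if r['wow64'] else ''}: "
              f"{r['name']} {r['version'] or ''} [{r['subkey']}]")
```

The include_hidden switch is the point worth keeping in mind when reconstructing what a stealer could have collected: the raw-key view contains entries that the Control Panel never shows, so an inventory taken from the registry is a superset of what the user sees. The same parse also works on an export taken from a compromised host during incident response.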