General
-
Target
0af2c468b9bc248e85c3773ab4b6a927b7657c4513d31721f4e49a7c496a6b27
-
Size
361KB
-
Sample
220925-gz8ygaeghj
-
MD5
95ff173d5cedff1972a708e536dc7f99
-
SHA1
a77c7af878ab261b1eca34d6c27acd903f5c5336
-
SHA256
0af2c468b9bc248e85c3773ab4b6a927b7657c4513d31721f4e49a7c496a6b27
-
SHA512
b02b36dfb50502ff569538d818aa987f59d37f0941a3c7b11a96e8ac1eb16a8d6496c565431d68c30225ac71c1b1c07430265cef184c5b69d98aaae35d2564b3
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Targets
-
-
Target
0af2c468b9bc248e85c3773ab4b6a927b7657c4513d31721f4e49a7c496a6b27
-
Size
361KB
-
MD5
95ff173d5cedff1972a708e536dc7f99
-
SHA1
a77c7af878ab261b1eca34d6c27acd903f5c5336
-
SHA256
0af2c468b9bc248e85c3773ab4b6a927b7657c4513d31721f4e49a7c496a6b27
-
SHA512
b02b36dfb50502ff569538d818aa987f59d37f0941a3c7b11a96e8ac1eb16a8d6496c565431d68c30225ac71c1b1c07430265cef184c5b69d98aaae35d2564b3
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-