General
Target: 2542ed4afe803dc465e555032b01d190a904a150b6bf46ef3471a3a9658a1e6d
Size: 344KB
Sample: 221111-srhl4age65
MD5: 2a5dcadb23a5478ce4e6c83dd0d0b1e9
SHA1: 8067de97b8ce31a42e3c8d84c0c1b1ff8b4f471e
SHA256: 2542ed4afe803dc465e555032b01d190a904a150b6bf46ef3471a3a9658a1e6d
SHA512: 0e0932647be733961f8db41c2497cc4790e1b59cf337f66eb5dc515341d60c80d2743eba82e0626be7f79453dccd7da89edcf60a0a9b8447327ce139d9e08f52
SSDEEP: 6144:16zVZeLHxehRMXZImob3a+pEg2aKw/0JWBUSD2xtp68Mu4cVaE:16ZZejxeh6oba+pENwcJyDX3viT

Static task: static1

Malware Config
Extracted
redline
neruzki
193.106.191.22:47242
auth_value: be14ae67c6dd227f622680a27ea42452
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.