General
Target: 68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0
Size: 5.3MB
Sample: 221115-tpvpbaae5y
MD5: 9e0f5e7f6f3bf3647948f39e795f1ff6
SHA1: dc6d84444138c88b1429a8aad6fe04f7f7ef71b5
SHA256: 68db7ba636a775b8ed355d9b3f4a143fa4c5b080eee5c4c47ad3dc4b982f44d0
SHA512: dd2bbf1687c86ac001ef1f67e4f07b6e8406fe70bf68bff220a37cf32a5b618be068226fdb6e043704d65412f1fd996491b8a09cb74432db5c37f9284af1845b
SSDEEP: 49152:sPFJCvLqOaSTK5ISawpVpVliC8Tkx23fmAmcViw:sPFsjqOaSFUOfmeiw

Static task: static1

Malware Config
Extracted: redline
AKASHA
77.73.134.54:19123
auth_value: c8eb531f5a0c4b089ceefdcdfcce06d9
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext