General

Target: efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd
Size: 365KB
Sample: 221116-mdvfvaeb2s
MD5: be7955b67d06612d9d33f2df855b5f86
SHA1: fcb55a5cf5534ba1a9b73015d799bc00e09d0b43
SHA256: efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd
SHA512: 170327c6d509c0a7c527f44b47b31a015b83567014c17cfabd14f60991a35dc3dc728b20955ae231263732b5750ffb92fd2d0a6e37e3ea2f68bf146cc5e6ad5b
SSDEEP: 6144:/bgylmmLW0QizUVbGkCQMh7dwLzDafDJ4QbKnq4y0NJHk+eLy:jgQKizUNGka8Lv6t4QZ0NJEL
Static task: static1

Malware Config (extracted)

Family: redline
Botnet: neruz
C2: 193.106.191.27:47242
auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets

Target: efb01c33276a5fca7760c13237ccd08cad9c7dd5fd68b858aaf90b48b55aa1fd (365KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.