General
- Target: e09bd5920d1b8eb1191e74b04da686f4e7d6f502ea13e0a7d68faa5a068ed5d2
- Size: 897KB
- Sample: 221207-fgdh6sfc25
- MD5: f0eff184866d31ffff10ddee2a45767c
- SHA1: 62e3e347adde40c12b7d8e20aefb49238545430c
- SHA256: e09bd5920d1b8eb1191e74b04da686f4e7d6f502ea13e0a7d68faa5a068ed5d2
- SHA512: aa837e38c19673847c2d9526a3c34e4121488a6f449d63c9aeccfaa48758658c01a52bbc0a2fb90afb3f78ceb274918fb02df3a02669d76cd7974eb1d7c35739
- SSDEEP: 24576:3jAKI2VD3TP6nx6JxqGplxaq6DDUZQzerPR04owg5+Ro:3jpXVfucq6baxDDUKzg504Ie
Static task
- static1

Malware Config
Extracted
- redline
- R101
- 94.130.179.90:21188
- auth_value: e838b35467aa845d380b9da0f7ba933c
Targets
- Target: e09bd5920d1b8eb1191e74b04da686f4e7d6f502ea13e0a7d68faa5a068ed5d2
- Size: 897KB
- MD5: f0eff184866d31ffff10ddee2a45767c
- SHA1: 62e3e347adde40c12b7d8e20aefb49238545430c
- SHA256: e09bd5920d1b8eb1191e74b04da686f4e7d6f502ea13e0a7d68faa5a068ed5d2
- SHA512: aa837e38c19673847c2d9526a3c34e4121488a6f449d63c9aeccfaa48758658c01a52bbc0a2fb90afb3f78ceb274918fb02df3a02669d76cd7974eb1d7c35739
- SSDEEP: 24576:3jAKI2VD3TP6nx6JxqGplxaq6DDUZQzerPR04owg5+Ro:3jpXVfucq6baxDDUKzg504Ie

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext