General
Target: fc417b1eff6d70efaa5374b84c1af22925c0d4932b788845f4cb3169905c7ef2
Size: 418KB
Sample: 230103-yx8claga4y
MD5: bd89297a7d253e75d6eff27fcc056e93
SHA1: 321e63bdf322b6a5a127a602f730ae59dbe6f05c
SHA256: fc417b1eff6d70efaa5374b84c1af22925c0d4932b788845f4cb3169905c7ef2
SHA512: e69de3379d7b7e58349969e8ea09015e38e5b667e9ec5b6d5d21a7014701905774f29950673e4c164727301d743fa3148d5a63a34b908658884853e1b7e34c9d
SSDEEP: 6144:lTBL+ImWmKLtgAhsw3onfQgiOmH/juRDbb31A62eXD3cAyjEvJEMrbT:vfmWmgIbiOmLYnS6/DMAyoh

Static task
static1

Malware Config
Extracted
redline
sport: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225

Targets
Target: fc417b1eff6d70efaa5374b84c1af22925c0d4932b788845f4cb3169905c7ef2
Size: 418KB
MD5: bd89297a7d253e75d6eff27fcc056e93
SHA1: 321e63bdf322b6a5a127a602f730ae59dbe6f05c
SHA256: fc417b1eff6d70efaa5374b84c1af22925c0d4932b788845f4cb3169905c7ef2
SHA512: e69de3379d7b7e58349969e8ea09015e38e5b667e9ec5b6d5d21a7014701905774f29950673e4c164727301d743fa3148d5a63a34b908658884853e1b7e34c9d
SSDEEP: 6144:lTBL+ImWmKLtgAhsw3onfQgiOmH/juRDbb31A62eXD3cAyjEvJEMrbT:vfmWmgIbiOmLYnS6/DMAyoh

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.