General
Target: e2da23419abd814bf12ea64411c6b66463a7320d0818f0e8de85c8baff948f78
Size: 466KB
Sample: 230104-fq357ahc2z
MD5: 015cd54f8ec5e6e2576e580554edeb45
SHA1: 67df8b72d73b4dbc7ca8e3da0ff6cc6533e84e34
SHA256: e2da23419abd814bf12ea64411c6b66463a7320d0818f0e8de85c8baff948f78
SHA512: 4486154349e5fc9412dc5211b4fbc19b06de9108a5e0ac59430a2e3974685683ee13b25d462562e6af1a16ee6fadfba1f401e1726ec38f11fa55cee8f9500b23
SSDEEP: 12288:MHwvwo0jbQIVdkpRZoCQu/SXkUFDPAyxfVx3U:Mwz0/Q9pR6XXkADP3xtx3

Static task: static1

Malware Config
Extracted: redline
sport
31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.