General
Target: 358101d8c7df98e40bc632b569835a39278e5d694a431f8e307bd1495d2d32e5
Size: 466KB
Sample: 230104-h64srshh5s
MD5: 6d33345c87f0f8176ba76cdd7319f410
SHA1: ef5ac5863ea2f6c5fe25772b4a1e44ed7d19a0ea
SHA256: 358101d8c7df98e40bc632b569835a39278e5d694a431f8e307bd1495d2d32e5
SHA512: 6bc226e96531f1a69496190eea75d1112242beb779d23cd58b50a1986d1465132fc2e1a6e7e2e2eebc2aecd77c93ea782e849593f5e53a61c278bf7b733ff943
SSDEEP: 6144:fc/LBWi2HkLuNLihNFAXpqVNPKAMGfogvmRa9DLSKQoU8voxupmLu8jT:fUoiKDLihNF51NAoLlo8voxupmL
Static task: static1

Malware Config
Extracted: redline
sport
31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
Target: 358101d8c7df98e40bc632b569835a39278e5d694a431f8e307bd1495d2d32e5
Size: 466KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.