General
Target: 8a90ae1e53e3ed8a62bd237c90721ab641a26c0ad506cf458da43b321e416355
Size: 465KB
Sample: 230104-ps96ysag4z
MD5: 16aa97feebe9a8edbb8f923dbf434670
SHA1: dd54d11bdefc8e2a759ae5dd825e323c064be6ff
SHA256: 8a90ae1e53e3ed8a62bd237c90721ab641a26c0ad506cf458da43b321e416355
SHA512: f293f5a97908f22f2a2e49faf9995773aad1794d5a33249e44de3686bb0378e8b3ee9c2656b42e721b27efba484248434d20fecd315f95ae18dad36a5ff5cb51
SSDEEP: 6144:nfLlAOrmttJJEIlSZeYf0E/WH170emjaoxupmL/mu4/e9LejTH:nfCOETJ7SZGh0FaoxupmL/m/eZ

Static task: static1
Malware Config
Extracted
Family: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
Target: 8a90ae1e53e3ed8a62bd237c90721ab641a26c0ad506cf458da43b321e416355
Size: 465KB
MD5: 16aa97feebe9a8edbb8f923dbf434670
SHA1: dd54d11bdefc8e2a759ae5dd825e323c064be6ff
SHA256: 8a90ae1e53e3ed8a62bd237c90721ab641a26c0ad506cf458da43b321e416355
SHA512: f293f5a97908f22f2a2e49faf9995773aad1794d5a33249e44de3686bb0378e8b3ee9c2656b42e721b27efba484248434d20fecd315f95ae18dad36a5ff5cb51
SSDEEP: 6144:nfLlAOrmttJJEIlSZeYf0E/WH170emjaoxupmL/mu4/e9LejTH:nfCOETJ7SZGh0FaoxupmL/m/eZ
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.