General

Target: fe82cb2eb28564b9dd458533acc6b143d7a942c26e9af7ff0b6612e71b4ac10c
Size: 465KB
Sample: 230104-yzg87ahe87
MD5: 6ff3ee38520cd425480c2a77aa05acee
SHA1: 1d7a07e0e308be67874900afc7e9640ab8926e04
SHA256: fe82cb2eb28564b9dd458533acc6b143d7a942c26e9af7ff0b6612e71b4ac10c
SHA512: 8d44092ac3caa06d1145c948857e2702654a119b78608fce0c880be9c95adfe03efd1464f10e5f03168591a3d5959a34445bdc26b70dc7f2126ee80c5298c518
SSDEEP: 6144:hRLQzDVl+nzBbQgXfv0V/NPDoPkzS97MQ9nljmIoxupmLTAcjT:hRKD7MbQufv0FNcGGZ9nliIoxupmL0

Static task: static1
Malware Config

Extracted
Family: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
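The extracted C2 above is the most directly actionable item in this report. As an added example (not part of the Triage report and not RedLine's or Triage's own code), the block below parses the C2 string, emits a hypothetical Suricata rule for it, and scans flow records for connections to it. The log lines are constructed here in Zeek conn.log JSON shape and are not real traffic; the rule SID is an arbitrary local value.

```python
"""
Added example: turn the sandbox-extracted RedLine C2 ("ip:port", as Triage
reports it) into a network rule and a retro-hunt over flow logs.
The conn.log records below are constructed for the example, not real traffic.
"""
import ipaddress
import json

EXTRACTED_C2 = "31.41.244.98:4063"   # value from the report's Malware Config


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port' into a validated (ip, port) pair; raise on garbage."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)         # ValueError if not an IP literal
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"bad port: {port}")
    return host, port_n


def suricata_rule(c2: str, sid: int) -> str:
    """Hypothetical Suricata alert for an established outbound session to the C2."""
    host, port = parse_c2(c2)
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine Stealer C2 {host}:{port} (sandbox-extracted config)"; '
        f'flow:to_server,established; classtype:trojan-activity; '
        f'sid:{sid}; rev:1;)'
    )


def find_c2_connections(conn_log_lines, c2: str, any_port: bool = False):
    """Return (src_ip, uid) for each conn.log record to the C2.

    any_port=True pivots on the IP alone, which catches the same host
    talking to the C2 on a port the extracted config does not list.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in conn_log_lines:
        rec = json.loads(line)
        if rec.get("id.resp_h") != host:
            continue
        if any_port or rec.get("id.resp_p") == port:
            hits.append((rec["id.orig_h"], rec["uid"]))
    return hits


# Constructed sample records: one exact hit, one same-IP/other-port, one unrelated.
SAMPLE_CONN_LOG = [
    '{"ts":1672876800.1,"uid":"CHu1","id.orig_h":"10.0.0.5","id.orig_p":49712,"id.resp_h":"31.41.244.98","id.resp_p":4063,"proto":"tcp"}',
    '{"ts":1672876801.2,"uid":"CHu2","id.orig_h":"10.0.0.5","id.orig_p":49713,"id.resp_h":"31.41.244.98","id.resp_p":443,"proto":"tcp"}',
    '{"ts":1672876802.3,"uid":"CHu3","id.orig_h":"10.0.0.7","id.orig_p":49714,"id.resp_h":"93.184.216.34","id.resp_p":80,"proto":"tcp"}',
]

if __name__ == "__main__":
    print(suricata_rule(EXTRACTED_C2, sid=9000001))
    print(find_c2_connections(SAMPLE_CONN_LOG, EXTRACTED_C2))
    print(find_c2_connections(SAMPLE_CONN_LOG, EXTRACTED_C2, any_port=True))
```

The exact ip:port match is the low-noise rule; the IP-only pivot is what you run during scoping, since RedLine operators rotate ports on the same host more often than they rotate hosts.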
Targets

Target: fe82cb2eb28564b9dd458533acc6b143d7a942c26e9af7ff0b6612e71b4ac10c
Size: 465KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above (single-file task).
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures matched:
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall under HKLM and HKCU, including the WOW6432Node view) to enumerate software on the system.
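The two behaviour signatures above are worth seeing as concrete checks over an API-call trace. As an added example (not Triage's signature code and not part of the report), the block below re-implements them: the Uninstall-key check against the real registry locations, and the wallet check against a list of wallet artefact paths that is this example's own assumption about what "cryptocurrency files/wallets" covers. The trace records are constructed for the example.

```python
"""
Added example: the report's two behaviour signatures as checks over an
API-call trace. Trace records are constructed; the wallet path list is an
assumption, not something the report states.
"""
import re
from collections import defaultdict

# Uninstall key under HKLM or HKCU; the 32-bit WOW6432Node view is optional.
UNINSTALL_KEY_RE = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Assumed wallet artefacts (path fragments matched case-insensitively).
WALLET_FRAGMENTS = (
    "\\Electrum\\wallets\\",
    "\\Exodus\\exodus.wallet",
    "\\Ethereum\\keystore",
    "\\Bitcoin\\wallet.dat",
    "\\atomic\\Local Storage\\leveldb",
)

REGISTRY_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "RegEnumKeyExW"}
FILE_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileW"}


def is_uninstall_key(key: str) -> bool:
    """True for the Uninstall key itself or any subkey of it."""
    return bool(UNINSTALL_KEY_RE.match(key))


def is_wallet_path(path: str) -> bool:
    """True if the path contains one of the assumed wallet artefact fragments."""
    p = path.lower()
    return any(frag.lower() in p for frag in WALLET_FRAGMENTS)


def evaluate_signatures(trace):
    """Map report signature name -> list of evidence strings that fired it."""
    hits = defaultdict(list)
    for call in trace:
        api = call["api"]
        if api in REGISTRY_APIS and is_uninstall_key(call.get("key", "")):
            hits["Checks installed software on the system"].append(call["key"])
        elif api in FILE_APIS and is_wallet_path(call.get("path", "")):
            hits["Accesses cryptocurrency files/wallets"].append(call["path"])
    return dict(hits)


# Constructed trace: two Uninstall-key reads, one Run-key read (benign here),
# one wallet open, one ordinary DLL open.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "RegEnumKeyExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"api": "RegOpenKeyExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"api": "NtCreateFile", "path": "C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"},
    {"api": "NtCreateFile", "path": "C:\\Windows\\System32\\kernel32.dll"},
]

if __name__ == "__main__":
    for name, evidence in evaluate_signatures(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The Uninstall-key enumeration on its own is weak evidence (installers and inventory agents do the same), which is why the report pairs it with the wallet access and the payload match; any detection built from it should require the same combination rather than alert on the registry read alone.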