General
Target: d9aee22cb0af6852fee342e39b9f49ba95973d4b6d486a99adc156878c9f215d
Size: 332KB
Sample: 230105-18mw5sde26
MD5: 1c757c8c3387e9ae5f491a514a88c7a2
SHA1: 4d3fe67c6104173dd526bd375c40168491c73289
SHA256: d9aee22cb0af6852fee342e39b9f49ba95973d4b6d486a99adc156878c9f215d
SHA512: 912622831af95dd177f4017e43e1bf8b9c1197a331d01303e3d7004d17d9f99b5c3e4f1eefe918a5227184ec56b8f4279e772eb526a36fc36bb5bc20ed68adab
SSDEEP: 6144:2wHLoxpCVMsFjf5yrbAivJdzslru0iwjFPT65dukz3hSmj4tNR+:jHYpCVMsFDobJ/slS0FjFPT6DXxOR
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
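The indicators above (file hashes, C2 host:port, ssdeep) are only useful once they are checked against something. The following is an added example, not part of the sandbox report: it copies the report's indicators into constants and runs three offline checks a triage analyst would typically want: matching the C2 endpoint against connection logs (host and port together, so unrelated traffic to the same host is not flagged), hashing a file with all four listed algorithms, and splitting the ssdeep signature into block size and chunks to decide whether two signatures are even comparable. The Sysmon-style log lines and the file bytes are constructed here for illustration and come from no real host; the function names are this example's own.

```python
"""Offline triage checks built from the indicators in this sandbox report.

Added example, not part of the original report. The hashes, C2 endpoint and
ssdeep value are copied from the report; the log lines below are constructed.
"""
import hashlib
import re

# Indicators copied from the report.
IOCS = {
    "md5": "1c757c8c3387e9ae5f491a514a88c7a2",
    "sha1": "4d3fe67c6104173dd526bd375c40168491c73289",
    "sha256": "d9aee22cb0af6852fee342e39b9f49ba95973d4b6d486a99adc156878c9f215d",
    "sha512": "912622831af95dd177f4017e43e1bf8b9c1197a331d01303e3d7004d17d9f99b"
              "5c3e4f1eefe918a5227184ec56b8f4279e772eb526a36fc36bb5bc20ed68adab",
}
C2_HOST, C2_PORT = "31.41.244.98", 4063
SSDEEP = "6144:2wHLoxpCVMsFjf5yrbAivJdzslru0iwjFPT65dukz3hSmj4tNR+:jHYpCVMsFDobJ/slS0FjFPT6DXxOR"

# Constructed Sysmon-style network connection records (Event ID 3 fields only).
# The third line reuses the C2 host on a different port and must NOT match.
SAMPLE_NET_LOG = """\
Image=C:\\Users\\user\\AppData\\Local\\Temp\\setup.exe DestinationIp=31.41.244.98 DestinationPort=4063
Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=142.250.74.78 DestinationPort=443
Image=C:\\Windows\\System32\\svchost.exe DestinationIp=31.41.244.98 DestinationPort=80
"""

NET_RE = re.compile(
    r"Image=(?P<image>.+?) DestinationIp=(?P<ip>\S+) DestinationPort=(?P<port>\d+)"
)


def find_c2_connections(log_text, host=C2_HOST, port=C2_PORT):
    """Return the process images that connected to the report's C2 host:port.

    Both host and port must match; RedLine's C2 listens on a fixed port, and
    matching on the address alone would flag unrelated traffic to that host.
    """
    hits = []
    for line in log_text.splitlines():
        m = NET_RE.search(line)
        if m and m.group("ip") == host and int(m.group("port")) == port:
            hits.append(m.group("image"))
    return hits


def hash_matches(data):
    """Hash file bytes with the four algorithms the report lists and return
    the names of those whose digest equals the report's value (empty = no match)."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return [name for name, digest in digests.items() if digest == IOCS[name]]


def parse_ssdeep(signature):
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts.

    The chunk strings are base64 and never contain ':', so two splits suffice.
    """
    block, chunk, double_chunk = signature.split(":", 2)
    return int(block), chunk, double_chunk


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only scores two signatures whose block sizes are equal or differ
    by exactly a factor of two; anything else is reported as 0 without comparing."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


if __name__ == "__main__":
    print("C2 hits:", find_c2_connections(SAMPLE_NET_LOG))
    print("hash matches for constructed bytes:", hash_matches(b"not the sample"))
    print("ssdeep parts:", parse_ssdeep(SSDEEP))
```

Run as-is it prints one C2 hit (the constructed setup.exe line) and no hash match, since the constructed bytes are not the sample. To check a real file, pass its contents to hash_matches; a file whose sha256 is the report's value is the sample itself, while an ssdeep comparison (with the ssdeep tool or library, not included here) is the way to find modified builds that share no exact hash.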
Targets
Target: d9aee22cb0af6852fee342e39b9f49ba95973d4b6d486a99adc156878c9f215d
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the per-user HKCU key) to enumerate software on the system.