General
- Target: c69c1fc705df896b61bbbdb3cd48401c45d16a24e74fb73e0193aead466dbae7
- Size: 329KB
- Sample: 230105-j88p6seh2t
- MD5: d891ee78dc0146e6902caddf9b549ec2
- SHA1: 5777f83b3f2d9f733c22d80656dc04d017f6977b
- SHA256: c69c1fc705df896b61bbbdb3cd48401c45d16a24e74fb73e0193aead466dbae7
- SHA512: 44d8e801402697afc747904f8c8f45c6fc58f2fc7b14a33ea28c928745ad3fc19f86f2e6c986ec5341e3b7d231155f0bd25c027839cc4a46910248e6f726e43b
- SSDEEP: 6144:a1LRa/qTBixU0HWkQ4VnMhcfPGjH2wrB38WTDJSH72DyV9:a1NVlixUYWvrq9wrBsUkH722
Static task: static1
Malware Config
Extracted
- Family: redline
- sport
- 31.41.244.98:4063
- auth_value: 82cce55eeb56b322651e98032c09d225
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.