General
-
Target
855c90cf4d1fb14c84339d0e89e75004377da951985af04b3a4096337fcad07c
-
Size
328KB
-
Sample
230105-mf9zbafb6x
-
MD5
a86d73cd95685b76920fd1a02930b69a
-
SHA1
d22e7affc3670b16d5eefe6f3fa7ca886bbad3ad
-
SHA256
855c90cf4d1fb14c84339d0e89e75004377da951985af04b3a4096337fcad07c
-
SHA512
7c91b437be8ec0635daa2b0fdd45a0caf57fa02118ab28086f36e87790f9ee64c0de4379d12703a6a4e3069441b7191c5ed1360cbf45078a00f43f8a086cb855
-
SSDEEP
6144:oawLUy5Ts2I+/YLVCzdiSZjZgLFFL8HY+oA0yaHeWvLcJ9:oXoy5Ts/+4y0SZjZewiAELIJ9
Static task
static1
Malware Config
Extracted
redline
sport
31.41.244.98:4063
-
auth_value
82cce55eeb56b322651e98032c09d225
Targets
-
-
Target
855c90cf4d1fb14c84339d0e89e75004377da951985af04b3a4096337fcad07c
-
Size
328KB
-
MD5
a86d73cd95685b76920fd1a02930b69a
-
SHA1
d22e7affc3670b16d5eefe6f3fa7ca886bbad3ad
-
SHA256
855c90cf4d1fb14c84339d0e89e75004377da951985af04b3a4096337fcad07c
-
SHA512
7c91b437be8ec0635daa2b0fdd45a0caf57fa02118ab28086f36e87790f9ee64c0de4379d12703a6a4e3069441b7191c5ed1360cbf45078a00f43f8a086cb855
-
SSDEEP
6144:oawLUy5Ts2I+/YLVCzdiSZjZgLFFL8HY+oA0yaHeWvLcJ9:oXoy5Ts/+4y0SZjZewiAELIJ9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-