General

Target: 7a50aa0f23cb54bad9f637d2770b8565496ce0fd36237bfc4b8f387a6b3601a6
Size: 332KB
Sample: 230105-wx9vbacg44
MD5: 0d54f9f2e11fc056ce58b51a56db3eab
SHA1: 448bed1dae7559027e0f9e1fd655e8b6d614b8b6
SHA256: 7a50aa0f23cb54bad9f637d2770b8565496ce0fd36237bfc4b8f387a6b3601a6
SHA512: 8ec916323868a9f53b7191063e21d78d43e2143f51fdc56f8dd267a2f3db77dbd40aacccf36b6ac014035bd95008b59c754bf8f917be1d39b8ccee8f6afa2162
SSDEEP: 6144:m6tLbOSANDLlPlllB1m3y3jmI5slrwxZiPziRpiRcmU8:ptGSANDLlPlllnbhslMLuzqY

Static task: static1

Malware Config

Extracted
Family: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (the per-product subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view, and the HKCU equivalent) to enumerate software on the system.
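The "Checks installed software on the system" signature above is a behaviour, not an indicator: a stealer walks the Uninstall subkeys one product at a time, so the detectable pattern is a single process reading many distinct product keys in a short window. The following is an added example of that detection logic, written for this page and not code from the sandbox report or from RedLine. It assumes registry activity exported in Process Monitor's CSV layout (Time of Day, Process Name, PID, Operation, Path, Result, Detail); the log lines, the process allow-list and the threshold are all constructed assumptions to tune per environment.

```python
"""Flag processes that enumerate installed software through the registry.

Added example, not from the sandbox report or from RedLine. Input is assumed
to be a Process Monitor CSV export; the sample log, allow-list and threshold
below are constructed for the example.
"""
import csv
import io
import re
from collections import defaultdict

# Per-product uninstall entries live under these keys: the native and
# WOW6432Node views of HKLM, plus per-user entries under HKCU / HKU\<SID>.
# Group 3 is the product subkey name; a bare open of the parent key does
# not match, so only per-product reads are counted.
UNINSTALL_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Read-type operations as Procmon names them; writes are not enumeration.
READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Processes expected to walk these keys legitimately (assumed; tune per estate).
ALLOWLIST = {"msiexec.exe", "explorer.exe", "searchindexer.exe"}

# Distinct product keys one process must touch before we call it enumeration
# rather than a single-product lookup (assumed threshold).
THRESHOLD = 5

# Constructed Procmon-style export: an installer touching one product key,
# an unknown process walking six product keys across three views, and a
# browser looking at two keys of its own.
SAMPLE_LOG = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","msiexec.exe","1200","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-2301-000001000000}","SUCCESS","Desired Access: Read"
"10:01:05.3","build.exe","4412","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:01:05.4","build.exe","4412","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:05.4","build.exe","4412","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS","Desired Access: Read"
"10:01:05.4","build.exe","4412","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 24, Data: 7-Zip 22.01"
"10:01:05.5","build.exe","4412","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS","Desired Access: Read"
"10:01:05.5","build.exe","4412","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ, Length: 28, Data: Google Chrome"
"10:01:05.5","build.exe","4412","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 108.0 (x64 en-US)","SUCCESS","Desired Access: Read"
"10:01:05.6","build.exe","4412","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++","SUCCESS","Desired Access: Read"
"10:01:05.6","build.exe","4412","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player","SUCCESS","Desired Access: Read"
"10:01:05.7","build.exe","4412","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord","SUCCESS","Desired Access: Read"
"10:01:05.8","build.exe","4412","RegCloseKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS",""
"10:02:10.0","chrome.exe","3300","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS","Desired Access: Read"
"10:02:10.0","chrome.exe","3300","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\Version","SUCCESS","Type: REG_SZ, Length: 30, Data: 108.0.5359.125"
"10:02:10.1","chrome.exe","3300","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Update Helper","SUCCESS","Desired Access: Read"
""".strip()


def extract_product_key(path):
    """Return the product subkey name if `path` is under an Uninstall key, else None."""
    match = UNINSTALL_KEY_RE.match(path)
    return match.group(3) if match else None


def detect_uninstall_enumeration(csv_text, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """Map "process:pid" -> number of distinct product keys read, for processes
    that read at least `threshold` distinct keys and are not allow-listed."""
    allowed = {name.lower() for name in allowlist}
    keys_seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS:
            continue
        match = UNINSTALL_KEY_RE.match(row["Path"])
        if not match:
            continue
        # Count the full key (hive + view + product) so the 32- and 64-bit
        # views of one product are two reads, as the stealer sees them.
        keys_seen[(row["Process Name"], row["PID"])].add(match.group(0).lower())

    flagged = {}
    for (name, pid), keys in keys_seen.items():
        if name.lower() in allowed:
            continue
        if len(keys) >= threshold:
            flagged[f"{name}:{pid}"] = len(keys)
    return flagged


if __name__ == "__main__":
    for proc, count in detect_uninstall_enumeration(SAMPLE_LOG).items():
        print(f"{proc}: read {count} distinct Uninstall product keys")
    # -> build.exe:4412: read 6 distinct Uninstall product keys
```

Counting distinct product keys per process, rather than raw operation counts, keeps a single product version check (the chrome.exe rows above) below the threshold while the stealer's walk across HKLM, WOW6432Node and HKCU stands out; the allow-list is what stops installers and the shell from firing on every host, and it is the part that needs tuning before the logic is deployed.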