General
Target: 3fc87d156ec63b019c523310523cbc5b17209837185d187c4bbc92a75acd7e4c
Size: 278KB
Sample: 230130-zae8zacf96
MD5: f623c38c8d7d1f76d036b5affd1d90f2
SHA1: f000d8f7e90c40760799e6c9bf4d702b0fed1a2c
SHA256: 3fc87d156ec63b019c523310523cbc5b17209837185d187c4bbc92a75acd7e4c
SHA512: 0c35e123f06d46ee0693a31337a0eaed7b900e641f6aaa53371a94f92bcdeabc6a6ef044f203e49a5f57aa0d0f34c63441c53b88ef09388ab6ecb42ffdf8d1a7
SSDEEP: 6144:6Lb9azaLwGW70qJd6FK5nQd5IXhdcagUZZKud:6dazms77dz5nVhdUUKud
Static task: static1
Malware Config (extracted)
Family: redline
Botnet: fredy
C2: 62.204.41.170:4132
auth_value: 880249eef9593d49a1a3cddf57c5cb35
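The extracted configuration is the part of this report a responder acts on: the file hashes identify the dropped binary, and the C2 endpoint identifies infected hosts in network logs. The script below is an added example (not part of the sandbox output) that checks a file's hashes against the sample's hashes and scans connection-log lines for traffic to the extracted C2. The hashes and the C2 host:port are the ones listed on this page; the log line format, the log lines and the file bytes are constructed for the demonstration and are assumptions.

```python
"""IOC sweep built from the report above (added example, not part of the
sandbox output).  It checks a file's hashes against the sample's hashes and
scans connection-log lines for traffic to the extracted RedLine C2.  The log
format, the log lines and the file bytes below are constructed for the demo.
"""
import hashlib
import re

# Hashes and C2 endpoint copied from the report above.
SAMPLE_HASHES = {
    "md5": "f623c38c8d7d1f76d036b5affd1d90f2",
    "sha1": "f000d8f7e90c40760799e6c9bf4d702b0fed1a2c",
    "sha256": "3fc87d156ec63b019c523310523cbc5b17209837185d187c4bbc92a75acd7e4c",
    "sha512": "0c35e123f06d46ee0693a31337a0eaed7b900e641f6aaa53371a94f92bcdeabc6a6ef044f203e49a5f57aa0d0f34c63441c53b88ef09388ab6ecb42ffdf8d1a7",
}
C2_HOST, C2_PORT = "62.204.41.170", 4132


def hash_bytes(data: bytes) -> dict:
    """Hex digests of *data* for every algorithm listed in SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_hashes(data: bytes, iocs: dict = SAMPLE_HASHES) -> set:
    """Algorithms for which *data* hashes to an IOC value (empty set = no match)."""
    computed = hash_bytes(data)
    return {alg for alg, digest in iocs.items() if computed.get(alg) == digest.lower()}


# Assumed log shape "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port>";
# swap the pattern for the real proxy/firewall/Zeek format in use.
CONN_RE = re.compile(
    r"(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def c2_hits(lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """(timestamp, src_ip) for each line recording a connection to host:port.

    The port is part of the match on purpose: the extracted config names host
    and port, and the same IP on another port is a weaker indicator that
    deserves a separate look rather than an automatic alert.
    """
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if m and m.group("dst") == host and int(m.group("dport")) == port:
            hits.append((m.group("ts"), m.group("src")))
    return hits


# Constructed connection-log excerpt: two internal hosts, one reaching the C2.
SAMPLE_LOG = """\
2023-01-30T21:00:01Z 10.0.0.12:51234 -> 203.0.113.5:443
2023-01-30T21:00:07Z 10.0.0.41:49873 -> 62.204.41.170:4132
2023-01-30T21:00:09Z 10.0.0.41:49874 -> 62.204.41.170:80
2023-01-30T21:01:15Z 10.0.0.41:49901 -> 62.204.41.170:4132
""".splitlines()

if __name__ == "__main__":
    for ts, src in c2_hits(SAMPLE_LOG):
        print(f"{ts}: {src} connected to RedLine C2 {C2_HOST}:{C2_PORT}")
    # Constructed bytes; the real sample is not reproduced on this page.
    print("hash match:", matching_hashes(b"not the real sample") or "none")
```

Hash matching only catches this exact build; RedLine is repacked often, so the SSDEEP value above and the C2 endpoint are the more durable pivots, and the auth_value can be used to tie other samples to the same operator when it appears in their extracted configs.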
Targets
Target: 3fc87d156ec63b019c523310523cbc5b17209837185d187c4bbc92a75acd7e4c
Size: 278KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values in the General section above (same file)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software present on the system; this is the same data the Programs and Features control panel reads, so the reads themselves are not a distinctive signal without the surrounding behaviour.