General
- Target: f275edb1a9a617bbc5f007e580b6fc16900aa14738f6eb69f8c28ca12d9ab271
- Size: 278KB
- Sample: 230131-fm7dfagd3w
- MD5: df336de1aac65e4439ddfd985377cb98
- SHA1: 4eafb9b94142d48dd237f352bd2d02b94af1c3ff
- SHA256: f275edb1a9a617bbc5f007e580b6fc16900aa14738f6eb69f8c28ca12d9ab271
- SHA512: 0a719ae9208182695943274a927e38721db1e529071ea8bec67a1c7b408130252185d6f8019e725583e817a806f04c0f512e4838e6919b9fff5881abe906c01d
- SSDEEP: 3072:ojavJBLuA06q250wTMR1k07inWJj4pJPDGNnUR1UbRFTowErT8HwBYy2I647iet3:FLV06qyMRuxWBuCl1FcLrawMTep
Static task: static1
Malware Config
Extracted:
- redline
- fredy
- 62.204.41.170:4132
- auth_value: 880249eef9593d49a1a3cddf57c5cb35
Targets
- Target: f275edb1a9a617bbc5f007e580b6fc16900aa14738f6eb69f8c28ca12d9ab271
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.