General

Target: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771
Size: 394KB
Sample: 230131-mz5tpsga59
MD5: 85f3db6c910eca1089675f12eafae528
SHA1: c3f409f688e8c9924aae7b82e866d303bec3e54e
SHA256: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771
SHA512: 850d2902bacb2c321cd518f963d395dcb8b5af88f1599f22d5431a0849a82d6b7f009066824aba70703ab7c5bf1b86d01f4fcc8169c53994ff321a46f0a51ac2
SSDEEP: 6144:P3OzLmZik1p5fIHhuO9OYmNaVIhUWI9Vp3F7f4VQY+vlr:PqiIWMBr9JWrhUWeVfzOQt
Static task: static1
Malware Config

Extracted
Family: redline
Botnet: fredy
C2: 62.204.41.170:4132 (a bare IP:port, so the network indicator is the socket pair, not a DNS name)
auth_value: 880249eef9593d49a1a3cddf57c5cb35
Targets

Target: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771 (size and hashes as listed under General above)
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (the product subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view) to enumerate software on the system.
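The installed-software check is a behaviour a defender can hunt for: a legitimate installer or updater reads its own Uninstall entry, whereas an inventory sweep like this one reads every entry in quick succession. The following detection is an added example and is not code from the sandbox report or from RedLine itself. It assumes registry telemetry (from an EDR or ETW provider) exported as one JSON object per line with the fields ts, pid, image, op and path; those field names, the allowlist and the sample lines are constructed for this demo.

```python
"""Flag processes that enumerate the Windows Uninstall registry keys.

Added example, not code from the sandbox report or from RedLine itself.
Assumes JSON-lines registry telemetry with fields ts, pid, image, op and
path (constructed field names); the sample events below are constructed.
"""
import json
import re
from collections import defaultdict

# Product entries live under the native view and the 32-bit (WOW6432Node)
# view of ...\CurrentVersion\Uninstall. Hive naming differs between tools
# (HKLM vs. HKEY_LOCAL_MACHINE), so match on the path tail only.
UNINSTALL_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Processes expected to walk every product entry as part of their job.
# Assumption for the demo; tune to the environment.
ALLOWLIST = {"msiexec.exe", "wmiprvse.exe"}


def uninstall_subkey(path):
    """Return the product subkey name if path is inside an Uninstall key, else None."""
    m = UNINSTALL_RE.search(path)
    return m.group(1) if m else None


def parse_lines(lines):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def find_enumerators(events, min_subkeys=5, window_s=30.0):
    """Return (pid, image, n) for each non-allowlisted process that touched at
    least min_subkeys distinct Uninstall product entries within window_s seconds."""
    first_seen = defaultdict(dict)  # (pid, image) -> {subkey: first ts}
    for ev in events:
        sub = uninstall_subkey(ev["path"])
        if sub is None:
            continue
        first_seen[(ev["pid"], ev["image"])].setdefault(sub.lower(), ev["ts"])

    hits = []
    for (pid, image), subs in first_seen.items():
        if image.rsplit("\\", 1)[-1].lower() in ALLOWLIST:
            continue
        times = sorted(subs.values())
        best, lo = 0, 0  # most distinct entries inside any window_s span
        for hi in range(len(times)):
            while times[hi] - times[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_subkeys:
            hits.append((pid, image, best))
    return hits


def _line(ts, pid, image, op, path):
    """Build one constructed telemetry line."""
    return json.dumps({"ts": ts, "pid": pid, "image": image, "op": op, "path": path})


HKLM_UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
WOW_UNINST = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
STEALER = r"C:\Users\u\AppData\Local\Temp\build.exe"  # constructed, not a real IOC
MSIEXEC = r"C:\Windows\System32\msiexec.exe"

# Constructed sample: a dropped binary sweeping six product entries in under a
# second, Windows Installer doing the same legitimately, an updater reading its
# own entry, and unrelated registry activity.
SAMPLE_LOG = [
    _line(1.0, 4120, STEALER, "RegEnumKey", HKLM_UNINST),  # parent key, no product
    _line(1.1, 4120, STEALER, "RegQueryValue", HKLM_UNINST + r"\{0A1B-0001}\DisplayName"),
    _line(1.2, 4120, STEALER, "RegQueryValue", HKLM_UNINST + r"\{0A1B-0002}\DisplayName"),
    _line(1.3, 4120, STEALER, "RegQueryValue", HKLM_UNINST + r"\{0A1B-0003}\DisplayName"),
    _line(1.4, 4120, STEALER, "RegQueryValue", WOW_UNINST + r"\7-Zip\DisplayName"),
    _line(1.5, 4120, STEALER, "RegQueryValue", WOW_UNINST + r"\Notepad++\DisplayName"),
    _line(1.6, 4120, STEALER, "RegQueryValue", WOW_UNINST + r"\{0A1B-0004}\DisplayName"),
    *[_line(40.0 + i, 812, MSIEXEC, "RegEnumKey", HKLM_UNINST + ("\\Product-%d" % i))
      for i in range(8)],
    _line(60.0, 2200, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          "RegQueryValue", WOW_UNINST + r"\Google Chrome\DisplayVersion"),
    _line(61.0, 1480, r"C:\Windows\explorer.exe", "RegQueryValue",
          r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
]


if __name__ == "__main__":
    for pid, image, n in find_enumerators(parse_lines(SAMPLE_LOG)):
        print(f"pid {pid} ({image}) enumerated {n} installed-software entries")
```

Run against the constructed sample, only the dropped binary (pid 4120, six distinct entries inside a 30-second window) is reported; msiexec.exe is allowlisted and Chrome touches a single entry. Counting distinct product subkeys rather than raw event volume keeps a process that repeatedly re-reads its own entry from tripping the threshold, and matching on the path tail makes the rule independent of how a given sensor spells the hive prefix.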