General
Target: b70d2d4ad15716f5aeac54ce62c7dadb43871c624ef0fd1a9e98e0b28c8cb5f5
Size: 424KB
Sample: 230202-1zgzjagc85
MD5: 2d1a7da7a2542d8ae7e6825d74ede09b
SHA1: b03bb54b217f1ae0e7cb22ffc41b938fe6dba2d4
SHA256: b70d2d4ad15716f5aeac54ce62c7dadb43871c624ef0fd1a9e98e0b28c8cb5f5
SHA512: 55fe2ce7265f391eb1ee088ac2fbea34fc1fd4a6aab6c8b646ad9f04b2bec73781f4698f20ea0578ce883cfe426f52d6e883e6e2a0be3e9dd1df2ad0ad7ed52a
SSDEEP: 6144:pWhNLsOhFOyUewOyIHShcehpiHKSWQJfRtyWlwKwpxPO/XjV6ptCbNKNc:pWhNwO+New+ycehAH53xlePAf
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: milaf
C2: 193.233.20.5:4136
auth_value: 68aaee25afe3d0ae7d4db09dea02347c
Targets
Target: b70d2d4ad15716f5aeac54ce62c7dadb43871c624ef0fd1a9e98e0b28c8cb5f5 (424KB; hashes as listed under General)

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.