General
Target: 932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
Size: 416KB
Sample: 230202-ltzvtsff99
MD5: edcef5c438b6dcc5577fddda5ed4d3a8
SHA1: fe528c9c99f71b5b57135e78e75930709adb00c0
SHA256: 932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
SHA512: 752c18bfabe0ce1f5332c3ad09c796acf506315fe857699fde0ee55d3de042339ba7bebed99f51d588a1711d7baea954540681d8a9d2f45fd58ec78ff9cffcaa
SSDEEP: 12288:yuOPg6ULiv3/tptEjL6EPybrhc9CJb7d5:RUgBLm3VptEvnj9qb7d5
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: milaf
C2: 193.233.20.5:4136
Attributes:
auth_value: 68aaee25afe3d0ae7d4db09dea02347c
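The extracted config above is only useful once it is turned into something that can be matched against telemetry. The following is an added example (not Triage's or RedLine's code) that parses the reported C2 socket, emits a Suricata rule for it, and runs the IOC over a few constructed Zeek conn.log-style lines. The log lines, the field layout, and the rule sid are assumptions for illustration; the family, botnet, C2 and auth_value are copied from the report.

```python
"""Turn the RedLine config extracted in this report into a network IOC
and match it against connection-log lines.  Added example, not code
from the sandbox or the malware; the log lines below are constructed."""
import ipaddress
from typing import NamedTuple

# Values copied verbatim from the report's "Malware Config" section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "milaf",
    "c2": "193.233.20.5:4136",
    "auth_value": "68aaee25afe3d0ae7d4db09dea02347c",
}


class C2(NamedTuple):
    host: str
    port: int


def parse_c2(value: str) -> C2:
    """Parse 'host:port' as it appears in the config and validate both halves.
    Bracketed IPv6 literals are not expected in this config format and are
    simply treated as an opaque host string."""
    host, sep, port = value.rpartition(":")
    if not sep or not host:
        raise ValueError(f"C2 value is not host:port: {value!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    try:
        ipaddress.ip_address(host)          # literal IP, as in this sample
    except ValueError:
        host = host.lower()                 # a hostname: normalise for matching
    return C2(host, port_num)


def suricata_rule(c2: C2, sid: int) -> str:
    """Emit a Suricata rule for outbound TCP flows to the C2 socket.
    The sid is an assumption; pick one from your local range."""
    return (f'alert tcp $HOME_NET any -> {c2.host} {c2.port} '
            f'(msg:"RedLine C2 {c2.host}:{c2.port}"; flow:to_server; '
            f'sid:{sid}; rev:1;)')


# Constructed conn.log-style lines (tab-separated):
# ts, uid, src, sport, dst, dport, proto.  Not data from the report.
SAMPLE_CONN_LOG = (
    "1675340101.1\tCk1\t10.0.0.5\t49152\t193.233.20.5\t4136\ttcp\n"
    "1675340102.2\tCk2\t10.0.0.5\t49153\t93.184.216.34\t443\ttcp\n"
    "1675340103.3\tCk3\t10.0.0.7\t49154\t193.233.20.5\t80\ttcp\n"
    "1675340104.4\tCk4\t10.0.0.9\t49155\t193.233.20.5\t4136\ttcp\n"
)


def find_c2_connections(conn_log: str, c2: C2, match_port: bool = True) -> list:
    """Return the uids of TCP flows to the C2.  With match_port=False only the
    destination host is compared, which is the wider pivot an analyst wants
    when the operator moves the listener to another port."""
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue                         # malformed or truncated line
        _ts, uid, _src, _sport, dst, dport, proto = fields[:7]
        if proto != "tcp" or dst != c2.host:
            continue
        if match_port and int(dport) != c2.port:
            continue
        hits.append(uid)
    return hits


if __name__ == "__main__":
    c2 = parse_c2(REDLINE_CONFIG["c2"])
    print(suricata_rule(c2, 9000001))
    print("socket hits:", find_c2_connections(SAMPLE_CONN_LOG, c2))
    print("host hits:  ", find_c2_connections(SAMPLE_CONN_LOG, c2, match_port=False))
```

The host-only match is deliberately separate from the socket match: the port in a RedLine config is operator-chosen and changes between builds, while the IP is more often reused, so hunt on both and weight them differently.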
Targets
Target: 932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
Size: 416KB
MD5: edcef5c438b6dcc5577fddda5ed4d3a8
SHA1: fe528c9c99f71b5b57135e78e75930709adb00c0
SHA256: 932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545
SHA512: 752c18bfabe0ce1f5332c3ad09c796acf506315fe857699fde0ee55d3de042339ba7bebed99f51d588a1711d7baea954540681d8a9d2f45fd58ec78ff9cffcaa
SSDEEP: 12288:yuOPg6ULiv3/tptEjL6EPybrhc9CJb7d5:RUgBLm3VptEvnj9qb7d5
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
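The "Checks installed software" behaviour is a registry sweep: the stealer opens one Uninstall subkey after another and reads DisplayName-style values to inventory the host. Legitimate software (Programs and Features, installers) touches the same keys, so the useful signal is a single process reading many distinct Uninstall subkeys in a short window. The following is an added example (not Triage's signature logic or the sample's code) that applies that heuristic to constructed Sysmon-style registry events; the event layout, process names, subkey names, thresholds and timestamps are all assumptions.

```python
"""Flag processes that sweep the Uninstall registry keys the way the report
describes.  Added example; the events below are constructed, not taken from
the sandbox run, and the thresholds are starting points, not tuned values."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Optional

# Hive paths that hold per-application uninstall entries (64-bit, 32-bit
# redirected, and per-user).  Matched case-insensitively.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" + "\\",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" + "\\",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" + "\\",
)

# Constructed events, one per line: "<iso timestamp>|<image>|<target object>".
# The shape mirrors Sysmon registry events (EventID 12/13) but is made up here.
SAMPLE_EVENTS = r"""
2023-02-02T14:01:00|C:\Users\u\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App-A\DisplayName
2023-02-02T14:01:00|C:\Users\u\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App-B\DisplayName
2023-02-02T14:01:01|C:\Users\u\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App-C\DisplayName
2023-02-02T14:01:01|C:\Users\u\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App-D\DisplayName
2023-02-02T14:01:02|C:\Users\u\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\App-E\DisplayVersion
2023-02-02T14:01:02|C:\Users\u\AppData\Local\Temp\sample.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App-F\DisplayName
2023-02-02T14:01:03|C:\Windows\explorer.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App-A\DisplayIcon
2023-02-02T14:05:00|C:\Windows\explorer.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App-B\DisplayIcon
2023-02-02T14:01:04|C:\Windows\notepad.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Foo
""".strip()


def uninstall_subkey(target: str) -> Optional[str]:
    """Return the application subkey name if the target lies under an
    Uninstall hive, else None (e.g. '...\\Uninstall\\App-A\\DisplayName' -> 'App-A')."""
    upper = target.upper()
    for prefix in UNINSTALL_KEYS:
        if upper.startswith(prefix.upper()):
            return target[len(prefix):].split("\\", 1)[0]
    return None


def find_software_sweeps(events: str, min_keys: int = 5, window_s: int = 10) -> Dict[str, int]:
    """Map image -> largest number of distinct Uninstall subkeys it touched
    within any window_s-second window, for images reaching min_keys or more."""
    per_image = defaultdict(list)               # image -> [(timestamp, subkey)]
    for line in events.splitlines():
        ts, image, target = line.split("|", 2)
        sub = uninstall_subkey(target)
        if sub is None:
            continue                             # not an Uninstall access
        per_image[image].append((datetime.fromisoformat(ts), sub))

    flagged: Dict[str, int] = {}
    for image, items in per_image.items():
        items.sort()
        for i, (start, _) in enumerate(items):   # sliding window from each event
            seen = set()
            for ts, sub in items[i:]:
                if ts - start > timedelta(seconds=window_s):
                    break
                seen.add(sub)
            if len(seen) >= min_keys:
                flagged[image] = max(flagged.get(image, 0), len(seen))
    return flagged


if __name__ == "__main__":
    for image, count in find_software_sweeps(SAMPLE_EVENTS).items():
        print(f"{image}: read {count} distinct Uninstall subkeys within 10s")
```

In production the thresholds need a baseline: inventory agents and installers also sweep these keys, so pair the count with the image path (a binary running from a user's Temp directory, as in this sample, deserves a much lower threshold than a signed agent under Program Files).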