General
Target: fe15159587b30b55007c4ad99cba929386209b64aa19a28cb3ff9b28f74c7ff1
Size: 399KB
Sample: 230202-m3zrvshg8t
MD5: 0ec61b221ab8f72bfaa28ccef40a0ee2
SHA1: c392b83fc95630c2828a4ae644c402715a85e916
SHA256: fe15159587b30b55007c4ad99cba929386209b64aa19a28cb3ff9b28f74c7ff1
SHA512: 254bc9c2f9817c180f96b03687caa1fc1de774382960f27805eac7476f40b05b4df2ba1d74084f5b7c496776e08da4ece5f0585caf0c1ab203ae73550f4bc717
SSDEEP: 6144:SodL3pYLOknp5aXPtLLOe/nAxhzgEpmOhZyDt3urqei8K69/CJTk637eQfnd5zB+:njcOIrglniuGmOSDteOmZ9CJb7d5Q
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: milaf
C2: 193.233.20.5:4136
auth_value: 68aaee25afe3d0ae7d4db09dea02347c

The C2 is an IP:port pair rather than a URL, so the indicator is the full TCP destination (host and port together); the same host on another port is a different observation. The auth_value is a per-build token in the RedLine configuration and can be used to tie other samples from the same build together.
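The following is an added example, not part of the Triage report and not code from the RedLine sample: it turns the extracted C2 into something a practitioner can act on by matching the ip:port pair against Zeek conn.log records and emitting an equivalent Suricata rule. The conn.log lines are constructed for the example, and the Suricata sid (1000001) is an assumed local-range value.

```python
"""Match the C2 from the extracted RedLine config against Zeek conn.log records.

Example code added to this report (not from Triage or the RedLine sample). The
conn.log lines are constructed; the C2 endpoint comes from the config above.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators from the extracted config.
REDLINE_C2_IP = "193.233.20.5"
REDLINE_C2_PORT = 4136


@dataclass
class ConnRecord:
    ts: float
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_line(line: str) -> Optional[ConnRecord]:
    """Parse the first seven fields of a tab-separated Zeek conn.log line
    (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto); skip '#' lines."""
    if not line or line.startswith("#"):
        return None
    f = line.rstrip("\n").split("\t")
    if len(f) < 7:
        return None
    return ConnRecord(float(f[0]), f[1], f[2], int(f[3]), f[4], int(f[5]), f[6])


def find_c2_connections(lines: Iterable[str], ip: str = REDLINE_C2_IP,
                        port: int = REDLINE_C2_PORT) -> List[ConnRecord]:
    """Connections whose responder is the C2 ip:port over TCP. Match on the
    full pair: the same host on another port is not this indicator."""
    return [r for r in map(parse_conn_line, lines)
            if r is not None and r.proto == "tcp" and r.resp_h == ip and r.resp_p == port]


def suricata_rule(ip: str = REDLINE_C2_IP, port: int = REDLINE_C2_PORT,
                  sid: int = 1000001) -> str:
    """Suricata rule for the same indicator; sid is an assumed local-range value."""
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine Stealer C2 outbound (botnet milaf)"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


# Constructed conn.log excerpt: two C2 check-ins from 10.0.0.15, one benign TLS
# connection, and one connection to the C2 host on an unrelated port.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "\t".join(["1675343000.120", "CUM9bi1HNi2x4vGFd1", "10.0.0.15", "49711", "193.233.20.5", "4136", "tcp"]),
    "\t".join(["1675343001.500", "C2Nk3p2QjW0kqBxc6", "10.0.0.15", "49712", "203.0.113.10", "443", "tcp"]),
    "\t".join(["1675343002.010", "CpQ8Lm4Wqr1Zt9Ybk", "10.0.0.22", "51200", "193.233.20.5", "80", "tcp"]),
    "\t".join(["1675343030.330", "Cx7aBn2Lu9QeR0Tfd", "10.0.0.15", "49720", "193.233.20.5", "4136", "tcp"]),
]

if __name__ == "__main__":
    for r in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{r.ts:.3f} {r.uid} {r.orig_h}:{r.orig_p} -> {r.resp_h}:{r.resp_p}")
    print(suricata_rule())
```

Only the two 4136 connections are reported; the port-80 connection to the same host is deliberately left out, since the report gives no indicator for that port and a host-only match would also fire on unrelated traffic to a shared server.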
Targets
Target: fe15159587b30b55007c4ad99cba929386209b64aa19a28cb3ff9b28f74c7ff1
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. The configuration shown above (C2 193.233.20.5:4136, botnet milaf, auth_value) was extracted statically from this sample.

RedLine payload
The sample carries a RedLine Stealer payload.

Accesses cryptocurrency files/wallets, possible credential harvesting
The sample references file paths and data stores used by cryptocurrency wallets, consistent with wallet theft and credential harvesting.

Checks installed software on the system
Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view and the per-user HKCU equivalent) to enumerate the software installed on the system. Legitimate installers and inventory tools read the same keys, so on its own this is a weak signal; it becomes useful when one non-installer process walks many product subkeys in a short burst.
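As an added example (not from Triage or the sample), the behaviour behind the "Checks installed software" signature can be spotted on a host from a Process Monitor CSV export: Sysmon does not log registry reads, so Procmon (or registry SACL auditing) is where these lookups show up. The code groups Uninstall-subkey reads by PID and flags any process that touches at least five distinct products; the CSV rows and the threshold of five are constructed assumptions for the example.

```python
"""Detect installed-software enumeration via the registry Uninstall keys.

Example code added to this report (not from Triage or the RedLine sample). It
scans Process Monitor CSV export rows and flags processes that read many
distinct Uninstall subkeys, the behaviour the signature above describes.
The CSV rows below are constructed for the example.
"""
import csv
import io
import re
from collections import defaultdict
from typing import Dict, List, Set

# Machine-wide (HKLM, incl. the 32-bit WOW6432Node view) and per-user (HKCU)
# Uninstall keys. Group 1 captures the immediate subkey, i.e. one product.
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKLM|HKCU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Procmon operations that read keys/values without modifying them.
REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}


def uninstall_subkey(path: str) -> str:
    """Product subkey name (lower-cased) if path is under an Uninstall key, else ''."""
    m = UNINSTALL_KEY_RE.match(path)
    return m.group(1).lower() if m else ""


def uninstall_lookups_by_pid(csv_text: str) -> Dict[int, Set[str]]:
    """Map PID -> set of distinct Uninstall product subkeys that process read."""
    per_pid: Dict[int, Set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in REGISTRY_READ_OPS:
            continue
        sub = uninstall_subkey(row["Path"])
        if sub:
            per_pid[int(row["PID"])].add(sub)
    return dict(per_pid)


def flag_software_enumeration(csv_text: str, min_distinct: int = 5) -> List[int]:
    """PIDs that read at least min_distinct different products.
    The threshold is a tuning assumption, not a value from the report."""
    return sorted(pid for pid, subs in uninstall_lookups_by_pid(csv_text).items()
                  if len(subs) >= min_distinct)


# Constructed Procmon export: explorer.exe reads one product (normal), while
# sample.exe (PID 4321) opens the Uninstall key and walks six products across
# HKLM, WOW6432Node and HKCU. The final RegSetValue row is ignored (not a read).
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:41:02.1011","explorer.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 24, Data: 7-Zip 22.01"
"9:41:05.0001","sample.exe","4321","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"9:41:05.0002","sample.exe","4321","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"9:41:05.0003","sample.exe","4321","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 24, Data: 7-Zip 22.01"
"9:41:05.0004","sample.exe","4321","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ"
"9:41:05.0005","sample.exe","4321","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS","Type: REG_SZ"
"9:41:05.0006","sample.exe","4321","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player\DisplayName","SUCCESS","Type: REG_SZ"
"9:41:05.0007","sample.exe","4321","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}\DisplayName","SUCCESS","Type: REG_SZ"
"9:41:05.0008","sample.exe","4321","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName","SUCCESS","Type: REG_SZ"
"9:41:05.0009","sample.exe","4321","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ"
'''

if __name__ == "__main__":
    for pid, subs in uninstall_lookups_by_pid(SAMPLE_PROCMON_CSV).items():
        print(pid, len(subs), sorted(subs))
    print("flagged:", flag_software_enumeration(SAMPLE_PROCMON_CSV))
```

In production this would be paired with an allowlist of installer and inventory processes (msiexec.exe, SCCM/Intune agents and the like), since they walk the same keys for legitimate reasons; the threshold is what separates a single product lookup from a full inventory.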