General
- Target: c6ee0ec50e63306c4aaf08eb47b1ceb1f58fe4eb00dd1f67bf7f9b1e486d2ff5
- Size: 340KB
- Sample: 230203-p4y8tsfd45
- MD5: de9ad3fe09a6e7200daf197454280f0b
- SHA1: 4024efb3022adb17c5920819138cd90faa90c720
- SHA256: c6ee0ec50e63306c4aaf08eb47b1ceb1f58fe4eb00dd1f67bf7f9b1e486d2ff5
- SHA512: d694e619696ba04975b14197b7e88c85ad3a7a2160128ce3f55fe1c401d2c0f8c36ad252a49236041edc93b70941aa20cbec0c4f61f9b6f5d9415a1db71af972
- SSDEEP: 6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Malware Config
Extracted
- Family: redline
- 24.01
- 37.220.86.164:29170
- auth_value: 1c7f0aa21138601b5201a3a4a0123991
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.