General
-
Target
dc6f943409c443cf3ee53ab223998a375a7d1206d0452680b51aca7983325330
-
Size
340KB
-
Sample
230203-pcs8hafb45
-
MD5
e56dfaffb208739a54db2d2d426b2374
-
SHA1
38dd76be8205248ca82944c4d3bd77692d2839a4
-
SHA256
dc6f943409c443cf3ee53ab223998a375a7d1206d0452680b51aca7983325330
-
SHA512
cc221241081a8771a6f62b6f193967709ef5c4b31ed105d18b04a5b49474d07344e9916b318cc73d460cb2d165e31687d4d913659343255514471cd220ec90c9
-
SSDEEP
6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Malware Config
Extracted
redline
24.01
37.220.86.164:29170
-
auth_value
1c7f0aa21138601b5201a3a4a0123991
Targets
-
-
Target
dc6f943409c443cf3ee53ab223998a375a7d1206d0452680b51aca7983325330
-
Size
340KB
-
MD5
e56dfaffb208739a54db2d2d426b2374
-
SHA1
38dd76be8205248ca82944c4d3bd77692d2839a4
-
SHA256
dc6f943409c443cf3ee53ab223998a375a7d1206d0452680b51aca7983325330
-
SHA512
cc221241081a8771a6f62b6f193967709ef5c4b31ed105d18b04a5b49474d07344e9916b318cc73d460cb2d165e31687d4d913659343255514471cd220ec90c9
-
SSDEEP
6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-