General
Target: 211d2035ff4e36aae768d80e90f998986db910bbc0037c66082b743e2c2bd797
Size: 340KB
Sample: 230203-pp6pcsfb97
MD5: 82f0b5e56c0b6092a9c84b6c4fd42091
SHA1: bac9da8041dc10d1c00abf84d901a43fc6cc726b
SHA256: 211d2035ff4e36aae768d80e90f998986db910bbc0037c66082b743e2c2bd797
SHA512: 6eb7cd1efeea5acd1328e2c73c9cfb836c22326f0221d3678e22caa58152824252d799c278caea70ba228fe24fc9f2d9c6295ab83c50c80247448b22c64a6646
SSDEEP: 6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Malware Config
Extracted
Family: redline
Botnet: 24.01
C2: 37.220.86.164:29170
Attributes
auth_value: 1c7f0aa21138601b5201a3a4a0123991
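The hashes under General and the C2 endpoint in the extracted config are the indicators a responder would actually pivot on. As an added example that is not part of the sandbox report, the Python below computes the four listed digests for a candidate file and matches them against the report's values, and scans connection-log lines for traffic to the extracted C2 address and port. The log format and the log lines are constructed for the example (not taken from the report), and SSDEEP is left out because fuzzy-hash comparison needs the third-party ssdeep module.

```python
"""Added example (not part of the sandbox report): match a candidate file and
connection-log lines against the indicators listed on this page.
Report values are copied from the page; the log format and log lines are
constructed for illustration."""
import hashlib
import re
from typing import Dict, Iterable, List

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied from the report above (SSDEEP omitted: fuzzy matching
# needs the ssdeep library, which is not in the standard library).
REPORT_IOCS = {
    "md5": "82f0b5e56c0b6092a9c84b6c4fd42091",
    "sha1": "bac9da8041dc10d1c00abf84d901a43fc6cc726b",
    "sha256": "211d2035ff4e36aae768d80e90f998986db910bbc0037c66082b743e2c2bd797",
    "sha512": "6eb7cd1efeea5acd1328e2c73c9cfb836c22326f0221d3678e22caa58152824252d799c278caea70ba228fe24fc9f2d9c6295ab83c50c80247448b22c64a6646",
}
C2_HOST, C2_PORT = "37.220.86.164", 29170   # from the extracted RedLine config


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer with the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four algorithms in one pass (large files are fine)."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: Dict[str, str], iocs: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(n for n, v in digests.items() if iocs.get(n, "").lower() == v.lower())


# Constructed log format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def c2_hits(lines: Iterable[str], host: str = C2_HOST, port: int = C2_PORT) -> List[Dict[str, str]]:
    """Connections whose destination is exactly the extracted C2 host and port.
    Lines that do not match the expected format are skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and m["dst"] == host and int(m["dport"]) == port:
            hits.append({"ts": m["ts"], "src": m["src"], "proto": m["proto"]})
    return hits


# Constructed sample log: two hosts reach the C2 port, one line hits the same
# IP on a different port (not flagged), one is unrelated HTTPS traffic.
SAMPLE_LOG = [
    "2023-02-03T10:01:05Z 10.0.0.15:51322 -> 142.250.74.36:443 tcp",
    "2023-02-03T10:01:09Z 10.0.0.15:51330 -> 37.220.86.164:29170 tcp",
    "2023-02-03T10:01:09Z 10.0.0.15:51331 -> 37.220.86.164:80 tcp",
    "2023-02-03T10:03:41Z 10.0.0.22:49810 -> 37.220.86.164:29170 tcp",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hit = matching_hashes(hash_file(path), REPORT_IOCS)
        print(path, "MATCH " + ",".join(hit) if hit else "no match")
    for h in c2_hits(SAMPLE_LOG):
        print("C2 beacon candidate:", h)
```

Run it with one or more file paths to hash them against the report; the constructed log is scanned every time. Two caveats a practitioner should keep in mind: the C2 address and port come from a config extracted at analysis time, so a hit confirms traffic to this build's endpoint while a miss says nothing about other builds or later configs, and a bare IP can be reassigned to an unrelated host, so a hit long after the sample date deserves a second look before escalation.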
Targets
Target: 211d2035ff4e36aae768d80e90f998986db910bbc0037c66082b743e2c2bd797
Size: 340KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP for this target are the values listed under General.)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures triggered by this sample:
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the host.