General
Target: 9c0187e5ca06b72496fb44e31c49257f98d762202a6c1d3f64449320320a1df8
Size: 425KB
Sample: 230319-b19nhaed52
MD5: cf1d05ef8debbf314a5315ae986cada3
SHA1: d3dd80a7906b80bdbc58f2cd4f878a7374901111
SHA256: 9c0187e5ca06b72496fb44e31c49257f98d762202a6c1d3f64449320320a1df8
SHA512: 93f00706de772e0e5dbd0795d78cae1051adf3b4590c84832f92acd785cc7efa2688ea91b94395ea94406f6b749b1c1c3c722224eb3eacc425ef6148884db0d3
SSDEEP: 6144:nh0vvbLyyXGd9jnJzANK6E5f3Byl/ByMX4ifvU2ywmcuQH:svb+yXGd5JUMLRAfsdZqH
Static task: static1
Malware Config
Extracted: redline
@chicago
185.11.61.125:22344
auth_value: 21f863e0cbd09d0681058e068d0d1d7f
Targets
Target: 9c0187e5ca06b72496fb44e31c49257f98d762202a6c1d3f64449320320a1df8
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.