General
- Target: d50e10144bc72e7fcc4327b46ed87ce932e8fc440819ab8a551198a65448d9e3
- Size: 348KB
- Sample: 230321-2b2vgafd7v
- MD5: bf88e8945a563130871e793937913c4e
- SHA1: e9fe0d9f43d22fab72b0e8d1d5c461f226691e94
- SHA256: d50e10144bc72e7fcc4327b46ed87ce932e8fc440819ab8a551198a65448d9e3
- SHA512: 827abe52041e085e00c29df82d10dc0310abd81147d5d1047dd702472c428ff0bc9dc6f687b3a8f0b7924f8ea802019825a5d55e4f50bb5a85b22e20231925dd
- SSDEEP: 6144:omRRnHLpLvUU6W5eW/bzCNo/ekdH8SZvxeDMfqHoX8tEr:9HLpTUU6WzqyLv5ccq88S
Static task: static1
Malware Config
Extracted:
- Family: redline
- Botnet: dozk
- C2: 91.215.85.15:25916
- auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
- Target: d50e10144bc72e7fcc4327b46ed87ce932e8fc440819ab8a551198a65448d9e3 (the same 348KB file; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.