General
Target: e8231df639c9ac9285b8083d37f0b56ea5167eec805567cd635ba2ea253ada25
Size: 348KB
Sample: 230321-3czxyaff7w
MD5: a1b3a5aeb0be8e313d30ff2e38080dc7
SHA1: 1bd1bcfb15f5bcb86b3f66849c76b4ee9d1c97e1
SHA256: e8231df639c9ac9285b8083d37f0b56ea5167eec805567cd635ba2ea253ada25
SHA512: 3fd5f8933777284b80aa2da2a2f235e4d9c8f6c9486786a03c0893c51f7b69955ffa4b92500c9cea7c5afeae369cc3d5c5a31eb33546ee7cbcad0972306866a7
SSDEEP: 6144:Cz/ckLULhOU6O0zDQztB/9AhaNYHlTa3gntzAJzp3UK5itSvvoKueJtyU:LkLUdOU6O0+/wYpoeLct28
Static task: static1

Malware Config
Extracted: redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.