General
- Target: 6da600582a01c78e46918c988a5c7b5bf6f8280ed0bacd26bb5d0446495bd1df
- Size: 358KB
- Sample: 230321-d3v91aaf5v
- MD5: b03bee3a7187edf8b50a43c668177999
- SHA1: 749324bc9b91f839edf28f1b48d3116293796366
- SHA256: 6da600582a01c78e46918c988a5c7b5bf6f8280ed0bacd26bb5d0446495bd1df
- SHA512: cca1f1654cd8c5c3fe0bdbd4530c886f2e32bf5d116b26888d2c40b33bcf2b9ac9502b08ac2c9ac5bc5faac3903a7e59c65e084ca70ec20329aba5367ca89a73
- SSDEEP: 6144:5Bq7LRUOZCq1s4DnoJpzz1c+fPL5zV8kLRRLJtQJZyNHA:5Bq7KOZC2s4Tkz1csz5zV8kT9tf
Static task: static1

Malware Config
- Extracted: redline (dozk)
- C2: 91.215.85.15:25916
- auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
- Target: 6da600582a01c78e46918c988a5c7b5bf6f8280ed0bacd26bb5d0446495bd1df
- Size: 358KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.