General
Target: f8557acf9ca75ea883f9cc7fd729b0c8181675a540fedc1a3d7c9fd3d1794123
Size: 454KB
Sample: 230321-wqdtascd39
MD5: d3e16996e70b639026db8aa33ae036e0
SHA1: 7c54072a8e5e2df31bb4fb73efc67d72f7cae7ce
SHA256: f8557acf9ca75ea883f9cc7fd729b0c8181675a540fedc1a3d7c9fd3d1794123
SHA512: b77a963223deaca5669c35d2bb4e40230c2dfa06a6940450b15371984463f5ff8cb13d1963ba1c248f0fbcb7491b4b1d69f2f8a51e2a09fb44519491876f7848
SSDEEP: 6144:yCNLsL6j6ttzJpbBUZu0ZUF7oM6SSziFOZRmGc964Wz23m:bNLsmj6ttzHbBDdF7cSSiYKW
Static task: static1

Malware Config
Extracted: redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: f8557acf9ca75ea883f9cc7fd729b0c8181675a540fedc1a3d7c9fd3d1794123
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.