General
Target: ca1514b18b1fadfa84d5b99b5cd27e80e8f56e52e805758ca8d57b62fe91c655
Size: 348KB
Sample: 230322-f93nrsfa96
MD5: d4bc2dc117c0241cba60280716b41dc3
SHA1: 37a5c05dc964358799894e0245438efc22ee635d
SHA256: ca1514b18b1fadfa84d5b99b5cd27e80e8f56e52e805758ca8d57b62fe91c655
SHA512: da8c2b2a966a6325bc46bc986e697c1f3873105150e601052f5e137e72187f0bc0e8bf8255ca3fdf94abe0f18606be6e117e52b0e4f5beeaae8cc8135712c313
SSDEEP: 6144:qLHMVtLmLgU6Xif4c+Nhv+RYMhOymwkyBNEd3GGGyh00crpHSa:uStLmEU6XiAc+NhmfIdWGGv0OS
Static task: static1

Malware Config (extracted)
Family: redline
Botnet: dozk
C2: 91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: ca1514b18b1fadfa84d5b99b5cd27e80e8f56e52e805758ca8d57b62fe91c655 (348KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.