General

Target: 10cd983eb73d4fd716a58472e942a7cf91cfb472c618a3b2a6a79d45dc25fc5d
Size: 466KB
Sample: 230322-gpb6rahb2s
MD5: 82d8d338960db1c05bb8aba543f131bf
SHA1: 37c9ea57a12a6b1de9341b34c2ab72c364da1f11
SHA256: 10cd983eb73d4fd716a58472e942a7cf91cfb472c618a3b2a6a79d45dc25fc5d
SHA512: 80a1d49a344818e00e4aa8cab9f3d11e5984593a0cc2c9c090cfe5e702ca42fc1d9ff63f000504a15dc89b109642c2d008a8cffedb596fe00aaa43d8dd5a3fc1
SSDEEP: 6144:hksBR2uiAmRlwO32J9vqVyykyttOkvn2gO:hkkR2Z32J9vqsyk+MezO

Static task: static1

Malware Config (extracted)

Family: redline
Botnet ID: dozk
C2: 91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143

Targets

Target: 10cd983eb73d4fd716a58472e942a7cf91cfb472c618a3b2a6a79d45dc25fc5d (466KB; hashes as listed under General above)

Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.