General
-
Target
acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
-
Size
467KB
-
Sample
230322-lxtg8agb52
-
MD5
3ade6bcbe69fbd58b3792087e45e88ff
-
SHA1
d7499095da19277837555e0a4efbb3c78ea2a9a0
-
SHA256
acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
-
SHA512
ca6592e6a4ba06f6bb18f95797d3736eb348d26cc3b073ffaa891422ddec69b33ecba291488256891062672418d1d0100027a4fff28a1c1cb1e016d6f2f61b79
-
SSDEEP
3072:664Tl4UC/2fjuaU7/eUJA77RezEEP4d+J4JX+UuJ2m/WfEAcfvHNG59ssI3KNrOq:bbaYmz70YEP4d+GJHuh+fPcXHk9ssq
Static task
static1
Malware Config
Extracted
Family
redline
Botnet
dozk
C2
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
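Added example, not part of the sandbox report and not RedLine's own code: a Python script that hashes a file the way the General section does (MD5/SHA1/SHA256/SHA512) and scans connection log lines for the extracted C2 91.215.85.15:25916. The hash values and the C2 host:port are copied from the report above; the file bytes, the log lines and the log line format are constructed assumptions for illustration only.

```python
"""Check a file and a set of connection logs against the indicators in this
report. Added example, not sandbox output; inputs below are constructed."""
import hashlib
import re

# Indicators copied from the report's General and Malware Config sections.
SAMPLE_HASHES = {
    "md5": "3ade6bcbe69fbd58b3792087e45e88ff",
    "sha1": "d7499095da19277837555e0a4efbb3c78ea2a9a0",
    "sha256": "acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c",
}
C2_HOST = "91.215.85.15"
C2_PORT = 25916


def hash_bytes(data: bytes) -> dict:
    """Return the digests the report lists, as lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when every digest in SAMPLE_HASHES agrees with the data.

    SHA256 alone identifies the file; checking the weaker hashes as well
    catches a transcription error in the indicator list, since a genuine
    match agrees on all of them and a copy/paste slip does not.
    """
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in SAMPLE_HASHES.items())


# Assumed (constructed) line shape:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\w+)\s*$"
)


def find_c2_connections(log_lines) -> dict:
    """Split log lines into exact C2 hits and same-host/other-port hits.

    An exact host:port hit is the strong signal. A connection to the same
    host on another port is returned separately so an analyst can judge
    whether the listener moved, without it polluting the exact-match list.
    Lines that do not parse are skipped rather than raising, because log
    feeds routinely contain headers, comments and truncated lines.
    """
    exact, host_only = [], []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        hit = (m["ts"], m["src"])
        if int(m["dport"]) == C2_PORT:
            exact.append(hit)
        else:
            host_only.append(hit)
    return {"exact": exact, "host_only": host_only}


# Constructed inputs: a stand-in file (not the sample) and four log lines.
CONSTRUCTED_FILE = b"MZ\x90\x00 placeholder bytes, not the real sample"
CONSTRUCTED_LOG = [
    "2023-03-22T10:01:02Z 10.0.0.5:49812 -> 91.215.85.15:25916 tcp",
    "2023-03-22T10:01:03Z 10.0.0.5:49813 -> 93.184.216.34:443 tcp",
    "2023-03-22T10:02:00Z 10.0.0.7:50001 -> 91.215.85.15:443 tcp",
    "# comment line that must not break the scan",
]

if __name__ == "__main__":
    print("file matches report:", matches_sample(CONSTRUCTED_FILE))
    print("C2 connections:", find_c2_connections(CONSTRUCTED_LOG))
```

The SSDEEP value from the report is deliberately left out of the exact-match check: fuzzy hashes are compared for similarity, not equality, and need the ssdeep library; use it when hunting for repacked variants of this sample rather than the identical file.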