General
-
Target
1252f88a1cce4634fe3a1f67d99e66f7bfa9bee5404eb2561e1c4c49ea48167a
-
Size
466KB
-
Sample
230322-t72kksab42
-
MD5
d1208115211686199c358cc923b9fbb6
-
SHA1
7f1953a7ea547364ef6a120495ec48b60d436760
-
SHA256
1252f88a1cce4634fe3a1f67d99e66f7bfa9bee5404eb2561e1c4c49ea48167a
-
SHA512
8c38cc110566b78a90280f30d0eb4725d35672e702fcdde259a25c9091ea40cf41057ab413ed9636fe3e37629c71fbe0e3e395f0f0324a5c4020e265a4d32266
-
SSDEEP
6144:OEBEZ2/4aMec0TKFKg05dflLRHCzsnGkKZrLPs:OEBEZ2wa7TnnfpVnAhw
Static task
static1
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
1252f88a1cce4634fe3a1f67d99e66f7bfa9bee5404eb2561e1c4c49ea48167a
-
Size
466KB
-
MD5
d1208115211686199c358cc923b9fbb6
-
SHA1
7f1953a7ea547364ef6a120495ec48b60d436760
-
SHA256
1252f88a1cce4634fe3a1f67d99e66f7bfa9bee5404eb2561e1c4c49ea48167a
-
SHA512
8c38cc110566b78a90280f30d0eb4725d35672e702fcdde259a25c9091ea40cf41057ab413ed9636fe3e37629c71fbe0e3e395f0f0324a5c4020e265a4d32266
-
SSDEEP
6144:OEBEZ2/4aMec0TKFKg05dflLRHCzsnGkKZrLPs:OEBEZ2wa7TnnfpVnAhw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-