General
Target: 5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e
Size: 470KB
Sample: 230322-vrvmrscb3s
MD5: 393699c34aa010a6a62934de45a273bd
SHA1: 3308aeddb3c7fb97ce74f2f5a8510855692ec58c
SHA256: 5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e
SHA512: 8972e89f3bca9ea3fc8df2d31b9c89c5c1a40c4477e6ac2b4afd54c67842beb4c57ccb8e3fae859829f3b9c45f94ee14408629e606f7a5d4d6b338307859203d
SSDEEP: 6144:UXtYIgeMsCIqkN2jaTTgOlWItvXnGBO0obbAL:UXtYIgeM7Ir2j4sOw6+I94L
Static task: static1
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: 5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e
Size: 470KB
MD5: 393699c34aa010a6a62934de45a273bd
SHA1: 3308aeddb3c7fb97ce74f2f5a8510855692ec58c
SHA256: 5fcc5e66d6af080fe88b8371b0e28aa707ba3c27ea879e74ea5f72a8c09b516e
SHA512: 8972e89f3bca9ea3fc8df2d31b9c89c5c1a40c4477e6ac2b4afd54c67842beb4c57ccb8e3fae859829f3b9c45f94ee14408629e606f7a5d4d6b338307859203d
SSDEEP: 6144:UXtYIgeMsCIqkN2jaTTgOlWItvXnGBO0obbAL:UXtYIgeM7Ir2j4sOw6+I94L
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.