General
Target: 2649d65bd971a74b63f9cc854134599ce6f3829f4f6fc56c105ca7eceea7cf66
Size: 355KB
Sample: 230323-3eb9naag73
MD5: cc57c91249af3c2e1095be3c872f4a86
SHA1: bfb2b936a4bc57c19582b3c6071d1bad1c5767ba
SHA256: 2649d65bd971a74b63f9cc854134599ce6f3829f4f6fc56c105ca7eceea7cf66
SHA512: 31ea2e1bd4e7ac8b5984f401583f3138b908bf8e9ddf07bc13efd5ddd0ae9dd3f2dacdbfb0a76283696afcff8eecbccd0cdcb32dcdff099dabde3220eec061d6
SSDEEP: 6144:N7ag2fLXK6WsaAdBLDdfMosjCdqkn0C2VIQv/h1HufmQ4D:Neg2fzK6WsaA7dfMos+4BzP
Static task: static1

Malware Config
Extracted
redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.