General
Target: c65c38791e5aab1685e368fb5ecf1a26ad1392104e10ca763696f2575bfb4918
Size: 354KB
Sample: 230323-ansc1sec5y
MD5: 4de2587eb077f2262ce634aee6d78a78
SHA1: 7f9f4b7bba5fddcf6896c2ea1066ebf908af6ff3
SHA256: c65c38791e5aab1685e368fb5ecf1a26ad1392104e10ca763696f2575bfb4918
SHA512: 2f526e8d4146da284197987e5a642722e37e38c189d3b023ee97f1c183ac93cbc53d4efde9ee87bd879998048d532c792e389c567b214336a47d176b08ad1b94
SSDEEP: 6144:px4uO3ldNVkOT7eWBIlMZw78aPtpO8lg485Z6:pKuOVdNVkO6ie5O0g95Z6
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: dozk
C2: 91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: c65c38791e5aab1685e368fb5ecf1a26ad1392104e10ca763696f2575bfb4918
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.