General
Target: f564ddf6b1dfef9e20cb3ecd643f68fdc4500de9518ab943c3c53fb38339d5e0
Size: 354KB
Sample: 230323-f71fmaff7v
MD5: 568e2f8f08423868ec7eb21d6006c5ab
SHA1: 8ed9d49a2e8d261d639463858bc2edaacb7131f2
SHA256: f564ddf6b1dfef9e20cb3ecd643f68fdc4500de9518ab943c3c53fb38339d5e0
SHA512: d8b6e7e70db4ded78cbbc93a7e78d879243ba01f3dea6eea6721920f21fe60d0ca69a53bc0a6fc96d8fdba4f5e331cc508742264491b0e348a418a7a5477dc74
SSDEEP: 6144:KFL3ON9cDuH4yyQmGiGD13Ajmlu6gz7ASm5oQjDN5:GL3ON9XYyyQmGp13Ay86gz7aoQjDN5
Static task: static1

Malware Config
Extracted: redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.