General
- Target: 20975f72dafc60bc883a0c0d376667c90cd32198752193bb261d8451485d0062
- Size: 347KB
- Sample: 230323-ka5fjagd9t
- MD5: 7faf74300144c1f0328ff44b49852823
- SHA1: 3b28d1ccff42c9d89175ebb63ae70a6bcb8f6565
- SHA256: 20975f72dafc60bc883a0c0d376667c90cd32198752193bb261d8451485d0062
- SHA512: ee2222bbac4618d2328ef714fe8ab2446e30577ebbc2360286959b32879fc1806279d9bffb3a039664306ff8b8de903d57cd477b3860574ce7de1e9e326a7c89
- SSDEEP: 6144:PKCBLALEk6j34/mDP9o0iUd83AnY7aXXXpfXS:7BLAgk6joqdiUdXnYmXXXpfi
Static task
- static1

Malware Config
Extracted
- redline
- dozk
- 91.215.85.15:25916
- auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
- Target: 20975f72dafc60bc883a0c0d376667c90cd32198752193bb261d8451485d0062
- Size: 347KB
- MD5: 7faf74300144c1f0328ff44b49852823
- SHA1: 3b28d1ccff42c9d89175ebb63ae70a6bcb8f6565
- SHA256: 20975f72dafc60bc883a0c0d376667c90cd32198752193bb261d8451485d0062
- SHA512: ee2222bbac4618d2328ef714fe8ab2446e30577ebbc2360286959b32879fc1806279d9bffb3a039664306ff8b8de903d57cd477b3860574ce7de1e9e326a7c89
- SSDEEP: 6144:PKCBLALEk6j34/mDP9o0iUd83AnY7aXXXpfXS:7BLAgk6joqdiUdXnYmXXXpfi

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.