General
Target: 480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96
Size: 383KB
Sample: 230324-wghe5aae2v
MD5: e9dce86f601f260626b940ca7ace3226
SHA1: 850f40279a23a3a7a70336fd07db62dbe6639a6b
SHA256: 480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96
SHA512: cc110c4e187a6518794f4ade5cfe0eb81a75fe07ce3348b50ed01f87d1a2885b3bb296164179ffdb3b6445a1cad53b2124829cc5bb1accffda3cbd0033389877
SSDEEP: 6144:Nz0zyloLh0gbqpu6i0RhdJ78rFQbzBcQkwCdGuva:J0zyl0h02qu6Jd5bCwuGF
Static task: static1

Malware Config
Extracted family: redline
Botnet: dozk
C2: 91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: 480011e60555be203912f2989906ec896c8f026b0884dd41d9c8d4331a7e1a96 (size and hashes identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.