General
Target: 1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7
Size: 383KB
Sample: 230324-xx8gxsah9s
MD5: c35c43351c96feaa426f4d57d0413ab6
SHA1: 63a4a1295e7cc7638524840cf72df0112e6282dd
SHA256: 1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7
SHA512: 107125b42ee774cb400e96b2a51efe0083c86714bc3352b691e5a3dcd2c794ee8e76890fd472000a798090d1ec4b92355dd0db12a5f3e6cbc788521c0690f54f
SSDEEP: 6144:Yv7KPnoLhv4WsEL0vE4T/9okG1OqdEwYlva:m7KPn0hAlEYvE49WEbM
Static task: static1
Malware Config
Extracted: redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: 1b237dd9b41820712f06e875814646cf41906eb61638aae1e41ed3d337ea1ed7
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.