General
Target: df677db31c4c45e7ebb5a5090b7237fde7d3f1decbe68b30fd4204f04a99fb6b
Size: 401KB
Sample: 230328-phx4msce9t
MD5: 8a8c07992ab4af63c56805ff70a5e519
SHA1: 9d6eab44836b7694c60aa4056a21243f15ef0cb8
SHA256: df677db31c4c45e7ebb5a5090b7237fde7d3f1decbe68b30fd4204f04a99fb6b
SHA512: 8aa62539da8dd6a49662e4903fe6148b794ea91602cdbee4f7085b97f538d11ecef09fc0935b0436283f078ae76787d93651505dcb49522e007af399990bfc78
SSDEEP: 6144:7X0pHXjypnBxjOAE8X1B9nyyAn6XK7STKtrmB5fxtDDTO:7X0p3WNBQe7VyT667IKtu5LzO
Static task: static1

Malware Config
Extracted: redline
@chicago
185.11.61.125:22344
auth_value: 21f863e0cbd09d0681058e068d0d1d7f
Targets
Target: df677db31c4c45e7ebb5a5090b7237fde7d3f1decbe68b30fd4204f04a99fb6b
Size: 401KB
MD5: 8a8c07992ab4af63c56805ff70a5e519
SHA1: 9d6eab44836b7694c60aa4056a21243f15ef0cb8
SHA256: df677db31c4c45e7ebb5a5090b7237fde7d3f1decbe68b30fd4204f04a99fb6b
SHA512: 8aa62539da8dd6a49662e4903fe6148b794ea91602cdbee4f7085b97f538d11ecef09fc0935b0436283f078ae76787d93651505dcb49522e007af399990bfc78
SSDEEP: 6144:7X0pHXjypnBxjOAE8X1B9nyyAn6XK7STKtrmB5fxtDDTO:7X0p3WNBQe7VyT667IKtu5LzO
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.