General
-
Target
59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
-
Size
95KB
-
Sample
230421-qfzp5ahe8y
-
MD5
7f6ce8b34ed2ea784c3f051258853941
-
SHA1
9d864fa66a782d3973c2eb0176ba16a86503d3ca
-
SHA256
59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
-
SHA512
1613af32238877d361e70d4f9a2e69a36244675d09f63535a8a7d066855e5f36ca3b640a1805c263bc4f4ecc3d75899efed5c2dd8c4a2f3963e49fb90be1e13f
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2X3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdLY
Malware Config
Extracted
redline
cheat
62.108.37.195:16060
Targets
-
-
Target
59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
-
Size
95KB
-
MD5
7f6ce8b34ed2ea784c3f051258853941
-
SHA1
9d864fa66a782d3973c2eb0176ba16a86503d3ca
-
SHA256
59da329cc7870ef0cf6e6a11554a7c32386eb14552b01fbb2b48b04dc9bd24af
-
SHA512
1613af32238877d361e70d4f9a2e69a36244675d09f63535a8a7d066855e5f36ca3b640a1805c263bc4f4ecc3d75899efed5c2dd8c4a2f3963e49fb90be1e13f
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2X3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdLY
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-