General
Target: 24bb897ab0dcc06d0bb020407cb25b54190add3266a9e228ede73edff84ac24f
Size: 379KB
Sample: 230605-3ewnasbb66
MD5: 23cff27f6b14266b5189e00f80339ed5
SHA1: eba9a91f2d8f68336b27441d8754e1b2a9cae6cd
SHA256: 24bb897ab0dcc06d0bb020407cb25b54190add3266a9e228ede73edff84ac24f
SHA512: 367d107be496256bc4bd53a2b595045ccce9417a60096ca0294fb63ba53e5b3096e507825973dfe5d05654d55504e3bfa98cd72ae74f414e0b618d1259bc6122
SSDEEP: 6144:OVC0dRxuu59GITcF2B9NRLbdReqM+uzVJf7CrIqMUAazN:+vau59zBtLbVqDfkBp
Static task: static1

Malware Config
Extracted: redline
@Chicago
185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.