General
Target: d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
Size: 365KB
Sample: 230606-rbpj2aef2t
MD5: 6eb5cc38086de64538a97377aa468208
SHA1: bf3890b30f71018c1215d03985461ab28c756a7e
SHA256: d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
SHA512: 91fcb130c165a608b81db198c76d036bc6a99967d9e9956dd2729be8d70d4595456a73a052df958288ebaf5e27a957e5941c2ee8feaa18b4306db4da32fa1ba2
SSDEEP: 6144:zFQJ9D4P5ciXub6S+mG1n+za0jZGQcrQrD:zi3D4P56GS1GBoa0UQcr+

Static task: static1
Malware Config
Extracted: redline
@Chicago
185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
Target: d5fa3c20ae90496a98eb2a6368cf828625507270eaa16934689b4e9959b5d910
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.