General
Target: bb70b86cc091a54a4b0b48a63a8cdb5e90a9c9d83530eb4e569ed5a089bb0437
Size: 377KB
Sample: 230607-ghrmvshe71
MD5: c60bc71de2460210ce4dcfb152a3fa54
SHA1: 251a5a64c0ac3f89a3a41489030c4aee83cd37b9
SHA256: bb70b86cc091a54a4b0b48a63a8cdb5e90a9c9d83530eb4e569ed5a089bb0437
SHA512: 6049229f0ab229f0ede2f9325b0d84b22627baadb20874a0f51400966c008088ab91d80f8f2d4aae55868c455c85693bf01eb62749642045c30e696dab27823a
SSDEEP: 6144:VzCJZ4Xj6flmyrew+SMFMn95vbQJuwmqNUTRgIec6EnC+ojgZe9:+GMbD+SME5vsQq2Tdxcdt
Static task: static1
Malware Config
Extracted
redline
@Chicago
185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.