General
Target: b81c8ecde034b58397c3e5d932f1fdc75ec280c2c0ec345ac38770c544e40713
Size: 332KB
Sample: 230607-yx4dmsga5x
MD5: e120635cf689268b5a200ea1388884ad
SHA1: c7802f87fa6a60c59d369ecad00941b5ae258d8a
SHA256: b81c8ecde034b58397c3e5d932f1fdc75ec280c2c0ec345ac38770c544e40713
SHA512: 01ba27539b57328985353f47e3698318f58f6be9e2c2acad0deca7d9a55986bf5deb4ff8ec3d0738900c89f76b7700518fef7323020ca3e8eb778a279f2acfc7
SSDEEP: 3072:T4134RNlQo/crKZ2GMbh1Ehsv0XuWBGEPzurkNCClWVTfPOxOG3pulhEvL9Bl73S:gINuoXMGMnCzuWMqzu4efeOGZchiL3S

Static task: static1
Malware Config
Extracted
Family: redline
Botnet: @Chicago
C2: 185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
Target: b81c8ecde034b58397c3e5d932f1fdc75ec280c2c0ec345ac38770c544e40713 (332KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view on 64-bit Windows, and the per-user HKCU counterpart) to enumerate the software installed on the system.
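The following is an added example, not part of the sandbox report and not code from the RedLine family or any EDR product. It turns the two actionable parts of the report into a hunt: the extracted hashes and C2 under Malware Config, and the Uninstall-key enumeration behaviour described in the last signature. The telemetry records are constructed for the demonstration, and their field names (type, pid, image, path, sha256, md5, dst_ip, dst_port, key), the benign destination 93.184.216.34, the example process paths and the enumeration threshold of three distinct subkeys are all assumptions, not values from the report.

```python
"""Hunting with the indicators extracted above.

Added example, not part of the sandbox report or of any product. It matches
constructed telemetry records (field names are assumptions, not any specific
EDR schema) against the report's hashes and C2, and flags the Uninstall-key
enumeration behaviour the RedLine signature describes.
"""
import re
from collections import defaultdict

# Indicators taken from the report.
SAMPLE_SHA256 = "b81c8ecde034b58397c3e5d932f1fdc75ec280c2c0ec345ac38770c544e40713"
SAMPLE_MD5 = "e120635cf689268b5a200ea1388884ad"
C2_HOST, C2_PORT = "185.81.68.115", 2920

# The Uninstall key exists in the machine hive, in its WOW6432Node view on
# 64-bit Windows, and per user (HKCU, or HKEY_USERS\<SID> in machine-wide logs).
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER|HKU|HKEY_USERS)\\"
    r"(?:S-1-5-[\d-]+\\)?"
    r"SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)

# Constructed telemetry for the demonstration; these are not real logs.
INVOICE = r"C:\Users\victim\Downloads\invoice.exe"
EVENTS = [
    {"type": "file", "path": INVOICE, "sha256": SAMPLE_SHA256, "md5": SAMPLE_MD5},
    {"type": "file", "path": r"C:\Windows\System32\notepad.exe", "sha256": "0" * 64, "md5": "0" * 32},
    {"type": "net", "pid": 4120, "image": INVOICE, "dst_ip": "185.81.68.115", "dst_port": 2920},
    {"type": "net", "pid": 880, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "93.184.216.34", "dst_port": 443},
    {"type": "reg", "pid": 4120, "image": INVOICE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "reg", "pid": 4120, "image": INVOICE,
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "reg", "pid": 4120, "image": INVOICE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord"},
    # A single lookup by the installer service is normal and must not fire.
    {"type": "reg", "pid": 3300, "image": r"C:\Windows\System32\msiexec.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2A3B-EXAMPLE}"},
]


def is_uninstall_key(path):
    """True if a registry path is the Uninstall key or one of its subkeys."""
    return UNINSTALL_KEY_RE.match(path) is not None


def match_hash(record):
    """Finding if a file record carries the sample's MD5 or SHA256."""
    seen = {str(record.get("sha256", "")).lower(), str(record.get("md5", "")).lower()}
    if SAMPLE_SHA256 in seen or SAMPLE_MD5 in seen:
        return f"file hash matches RedLine sample: {record['path']}"
    return None


def match_c2(record):
    """Finding if a connection targets the extracted C2 host on any port.
    Operators change ports more often than hosts, so the host alone is enough
    to flag; the port only decides how strong the match is."""
    if record.get("dst_ip") != C2_HOST:
        return None
    port = int(record.get("dst_port", 0))
    strength = "configured port" if port == C2_PORT else f"port {port}, not the configured {C2_PORT}"
    return f"pid {record['pid']} ({record['image']}) connected to RedLine C2 {C2_HOST} ({strength})"


def hunt(events, enumeration_threshold=3):
    """Return findings for the hashes, the C2, and Uninstall-key enumeration.
    One read of an Uninstall subkey is routine (installers, inventory agents);
    a process touching several distinct subkeys is walking the list, which is
    what the signature describes. The threshold is an assumed tuning value."""
    findings = []
    uninstall_reads = defaultdict(set)
    for ev in events:
        finding = None
        if ev["type"] == "file":
            finding = match_hash(ev)
        elif ev["type"] == "net":
            finding = match_c2(ev)
        elif ev["type"] == "reg" and is_uninstall_key(ev["key"]):
            uninstall_reads[(ev["pid"], ev["image"])].add(ev["key"].lower())
        if finding:
            findings.append(finding)
    for (pid, image), keys in uninstall_reads.items():
        if len(keys) >= enumeration_threshold:
            findings.append(f"pid {pid} ({image}) enumerated {len(keys)} Uninstall entries")
    return findings


if __name__ == "__main__":
    for line in hunt(EVENTS):
        print(line)
```

On the constructed events this yields three findings: the hash match on the dropped executable, the connection to 185.81.68.115 on the configured port, and the one process that read three distinct Uninstall subkeys; the single msiexec lookup stays quiet. One caveat for sourcing the registry part: Sysmon's RegistryEvent IDs (12, 13, 14) record key and value creation, deletion, renaming and setting, not reads, so enumeration like this only shows up in telemetry from an EDR that records registry reads or from Windows object-access auditing (event 4663) with a SACL on the Uninstall key.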