General
Target: 2a6796c5b58fee789debd9381480a1d1c014345985c8c19f8d3a534e10a58aa0
Size: 413KB
Sample: 230608-l1pcnsdh64
MD5: 24d223a9bbd4d975167ed8fd9abd5965
SHA1: a944c68de5aa838e9e7949a6f9ee37d1a692ee54
SHA256: 2a6796c5b58fee789debd9381480a1d1c014345985c8c19f8d3a534e10a58aa0
SHA512: e9c05eaaafba5345e24cd20724a09ff805b2443d51d6e49a1465130356eb9e491e5b548073280839f5586b16d844cd21737ceca5eb223ca1ef23117e4c488113
SSDEEP: 6144:rRins4/eMJLqo66EEFtKvfD4yPpQmkDxZTT96TzBJbmJ:t2eMJrlFtM4mpQhDxdITzBJG
Static task: static1
Malware Config
Extracted
redline
@Chicago
185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.