General

Target: cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69
Size: 5.4MB
Sample: 230712-khe6lsdf2x
MD5: baa6bf9f27d3f62d25203d81dba29652
SHA1: 9de6eb304b450e19ac0ddf490e50ba2a78e69fe7
SHA256: cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69
SHA512: 38f8f7000db573b468f9ed7e7808d3fcdd096c9f866239e3a014270a0d9fdd6ae39ad0160eef5754817cc6828181dc5b50ac71ce4735be249f47deb93f0a51c9
SSDEEP: 98304:m43tpINuCfbWcd7Hzk7H07lu4UtbtEh+waQb2vTT6QJN3A87Ptnx:m4P0fSp0k4rUweH6QJ6SPt

Static task: static1

Malware Config

Extracted: redline
2
C2: 65.21.118.109:42825
auth_value: 94b6263d6b4ea59b523674dfddf3486c

Targets

Target: cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69
Size: 5.4MB
MD5: baa6bf9f27d3f62d25203d81dba29652
SHA1: 9de6eb304b450e19ac0ddf490e50ba2a78e69fe7
SHA256: cb3e380fd76299c7f0e36b352705756f3bc8b826f2244647d0e849b64a0fee69
SHA512: 38f8f7000db573b468f9ed7e7808d3fcdd096c9f866239e3a014270a0d9fdd6ae39ad0160eef5754817cc6828181dc5b50ac71ce4735be249f47deb93f0a51c9
SSDEEP: 98304:m43tpINuCfbWcd7Hzk7H07lu4UtbtEh+waQb2vTT6QJN3A87Ptnx:m4P0fSp0k4rUweH6QJ6SPt

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger