General
Target: 9fc1d2f4b0dcfa9ed31d874c579a1c486f2233a2303aad210102b8c2c8d9cf06
Size: 407KB
Sample: 230727-1dsh5sae4x
MD5: 620c8fc49bedcb02782b6ee3f351298e
SHA1: ea532ffd7091db4e88d41a22caef41cb1c1d5b5e
SHA256: 9fc1d2f4b0dcfa9ed31d874c579a1c486f2233a2303aad210102b8c2c8d9cf06
SHA512: 6134166824145cb4ba63bcbced67cef7f859d9196d631e10ae9324e048c4e456292c0bb18c25dfe6418a7a0fc19b53b573e938588ec2d40df5cef6541f4cf591
SSDEEP: 6144:RdFSH4FqZkP1Gnk08pDOMMfzWHf1DPkDkwqpBqsGRMmY27bt:RdXFSkP1GiSVzWikwqpkEmz
Static task: static1
Malware Config
Extracted: redline
@Germany
194.26.135.162:2920
auth_value: 9d15d78194367a949e54a07d6ce02c62
Targets
Target: 9fc1d2f4b0dcfa9ed31d874c579a1c486f2233a2303aad210102b8c2c8d9cf06
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.