General
Target: 4ce53e21f4de9b12a8e98d42f9fab6298f6b769c68d7cc05d087f0e39f961a05
Size: 410KB
Sample: 230727-l5r95adh87
MD5: 9ccd87482f0222009f8b75604b0d9c76
SHA1: 0acf18140136495ffd18396346db858da126bda7
SHA256: 4ce53e21f4de9b12a8e98d42f9fab6298f6b769c68d7cc05d087f0e39f961a05
SHA512: d9bb5fcf162cdca74934d2675d6f7363e41f0b75a9e69c243c4a29844a06ec28d2b16e575c12fe65b01fd1e53fae70582b817934593c9c4426edfe06f1dffc41
SSDEEP: 6144:BXl+kGajKAmOpgljkOYVRN4joMGslB6QNTF6+2y:GauAmOOljjonslsQvIy
Static task: static1

Malware Config
Extracted: redline
@Germany
194.26.135.162:2920
auth_value: 9d15d78194367a949e54a07d6ce02c62
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.