General
Target: 46bf09f5e5a0ba9455379b7dd7ae22d839e1af9364ee09be72dd1eb4d8b6561a
Size: 427KB
Sample: 230729-dsnr6sag34
MD5: 516d608231898db450aded12bf6c1c58
SHA1: 9007b388e816de5b014e0b430b59cb75f5d09397
SHA256: 46bf09f5e5a0ba9455379b7dd7ae22d839e1af9364ee09be72dd1eb4d8b6561a
SHA512: 56636a7ad04ef8e94f6d9b5c4f20ad779fa7850c3e1fe6ae1524b59cea44702989290f298797f1e60fba169dbe1828e5d901edffe0aeba2f3b1c6393e1968c4d
SSDEEP: 6144:ZYhNdL+jLz/izaJyI5NxVc058LRR74tXoY+06ZpLv8Tam62h:ahNdqjPKzaJXDi0al6tZ+LkLh
Static task
static1
Malware Config
Extracted
redline
@Germany
194.26.135.162:2920
auth_value: 9d15d78194367a949e54a07d6ce02c62
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.