General
Target: build_240222_174228.zip
Size: 140KB
Sample: 240222-va1gpacf5y
MD5: c0794af593e377f0fe27bdcbc13d4a11
SHA1: 9ea47cd4b22cadd7482e5fffa4b22e45c981c260
SHA256: 0f4150600bf973df042a0ce696f230c64aca2a527f2c6c419a72f18c688f2909
SHA512: c658278f6d780db4a0ad9c714a9998028c6640b618784650af05b87609e6b3a3aa96ad0da3e46496023280010b2a6d3fadd947ca6558fc17c6a1fbcf3149b930
SSDEEP: 3072:TjWJEbmzAynNHFzGsrm9MWmcMR37FQ9+7df9Y7M/nKImgsxwTCC1:TqJcLynNlx69xmh7G+B1Y7onHmR4C0
Static task: static1
Malware Config
Extracted
redline
810467741
https://pastebin.com/raw/NgsUAPya
Targets
Target: crypted810467741LQLUK.png .scr
Size: 330KB
MD5: 13da785fc61c281c43c93c7357b9c16e
SHA1: e115ec17be3be5481bb5646f858a133c425f8d72
SHA256: ad5dbad61acbfa7b465a57ff5a90055c39669e01a5767fd6b5845b2ca619e9df
SHA512: 102f16ebd514cc1afed8371c810d328fa63cbef473f1d69552ae0f7ef1ed7d6f13f563e37605b9ba522fa17eec753ac750619e248be1f40b0637ddee2343739e
SSDEEP: 6144:LlGBaPYQE8PQy1w5dUPPNyu2C80vjSye+8Tcpby6:LlGBNgc5aPP/80vjUTcpby6
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2