General
Target: file.exe
Size: 560KB
Sample: 220911-snfy4afegq
MD5: c61c0f2027c9d778adc9a1205cf28432
SHA1: d0b40543d55d755e837eed841a7a9333f5eb3876
SHA256: 85245aa479744025f0b3582703dff74aa5e13b28704b011d21a9ec8a443f8516
SHA512: e457ecbf4b59e3613defe777f4fb97ebf49f65d1d9ce02479050627c5f00fc0e4331ebc44cef161ca6ad4e7e0bacbb02fc7acd19e5fe52380b323207b9e663c3
SSDEEP: 12288:+5DklxOTIe+2p13CteqFizauQAaQCilB+Wi:+pz+w3ZyiKUBA
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
Install: 69.176.94.78:32241
auth_value: 262df95952285ebeabc4c91774e37776
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Matrix (tactics): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation