General
-
Target
77edaac869a0bd1a95c076cda1bd2bb0ab5d331e98d9b0ee2c8413c3164e5a4b
-
Size
361KB
-
Sample
220925-dv548sdab5
-
MD5
526274a82db350b211e73d900e8e5d0f
-
SHA1
a866d4dce7494d4a578d4ba12e89ea90b96a94dd
-
SHA256
77edaac869a0bd1a95c076cda1bd2bb0ab5d331e98d9b0ee2c8413c3164e5a4b
-
SHA512
f21d09ceb44cd6b3d6f01c1be3f6108977218609c315be35d44e98a52492fc004c8e7ad7bfb561abfc8ae83f620ac8ed6fc0d17fd9c6427c1657dd071f6df4d5
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Targets
-
-
Target
77edaac869a0bd1a95c076cda1bd2bb0ab5d331e98d9b0ee2c8413c3164e5a4b
-
Size
361KB
-
MD5
526274a82db350b211e73d900e8e5d0f
-
SHA1
a866d4dce7494d4a578d4ba12e89ea90b96a94dd
-
SHA256
77edaac869a0bd1a95c076cda1bd2bb0ab5d331e98d9b0ee2c8413c3164e5a4b
-
SHA512
f21d09ceb44cd6b3d6f01c1be3f6108977218609c315be35d44e98a52492fc004c8e7ad7bfb561abfc8ae83f620ac8ed6fc0d17fd9c6427c1657dd071f6df4d5
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-