General
-
Target
7802a13a9436c3e7a296b821faac47336cfc9e2927913c1ba5ed4b6e9f9b1b7c
-
Size
361KB
-
Sample
220925-f1sr7sdde3
-
MD5
e2201a4b445f31681f8ac8845dfbcfc3
-
SHA1
b8745dadf4b57f6e767367f270df79c45bed2d3c
-
SHA256
7802a13a9436c3e7a296b821faac47336cfc9e2927913c1ba5ed4b6e9f9b1b7c
-
SHA512
c2c9b8946a4a8e727310f845814f6617378dcafd70c44e4c29370564c5f981522ad875294da800c97b5a6042ea291b6cde83902b9cdd1a1e68e296df96c30e9d
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Malware Config
Extracted
redline
0002
13.72.81.58:13413
-
auth_value
866ce0ed8cfe2be77fb43a4912677698
Targets
-
-
Target
7802a13a9436c3e7a296b821faac47336cfc9e2927913c1ba5ed4b6e9f9b1b7c
-
Size
361KB
-
MD5
e2201a4b445f31681f8ac8845dfbcfc3
-
SHA1
b8745dadf4b57f6e767367f270df79c45bed2d3c
-
SHA256
7802a13a9436c3e7a296b821faac47336cfc9e2927913c1ba5ed4b6e9f9b1b7c
-
SHA512
c2c9b8946a4a8e727310f845814f6617378dcafd70c44e4c29370564c5f981522ad875294da800c97b5a6042ea291b6cde83902b9cdd1a1e68e296df96c30e9d
-
SSDEEP
6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-