General
-
Target
279214a98d2498268ddf5bbd6befc679535b915eeae6fc1aeece84f10f539c42
-
Size
309KB
-
Sample
221004-dc4hpahgbp
-
MD5
1e3e0360663535810ba4e767d38ed514
-
SHA1
468ea38848d1a0cabb75d966dcb11e48d6997440
-
SHA256
279214a98d2498268ddf5bbd6befc679535b915eeae6fc1aeece84f10f539c42
-
SHA512
a52250182885808dd9bf79beff1dc327a1fca6e40a69b97ef83774183198ce95721c88d0c1eae734158dc3b62d5e2e579a4a66cbb0fff1b6a53299f9818c0aee
-
SSDEEP
6144:jQ1lxq6O8dsF43zkexngFqX3SBf7WMXbgCDs:slg6O8dsF43zzgFqX3uWObgR
Malware Config
Extracted
redline
20221001
89.22.235.53:16640
-
auth_value
7c7a8658971281de82db43a3b9284d97
Targets
-
-
Target
Toefl-Ibt托福分類字彙增訂版pdf.exe
-
Size
413KB
-
MD5
ffdf0b9d1e848d08a90ac137af2f95fe
-
SHA1
12bfd2656c9af248b09ba247454e0b311b713446
-
SHA256
95168bce6db5daaad1bae772ea4f7e9e35bad8a59811512d79e3c65a41b49fd0
-
SHA512
eff3d60fa424f6945fd8ce19a8896791da73630d513922090ffedd68204e2fb5a57812dbb4dc3c9f39ed4097313f6855c1828231fe966ef2c2975623215de8ad
-
SSDEEP
6144:C8lt7i6dsFY3DkexnCFqXF5wPRBuzbgwubpwVfKak:CUi6dsFY3DzCFqXYunn8
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-