General
-
Target
84bbb780ebe96f35146095794522d95bc2ee44074ea44bf1f7bfd298b6e8d59a
-
Size
370KB
-
Sample
221026-tf7bragbf4
-
MD5
ee35ef302f5ef4111de78c275535af7d
-
SHA1
b3767c50a6a43aa63fd539a4275b66317384d4ff
-
SHA256
84bbb780ebe96f35146095794522d95bc2ee44074ea44bf1f7bfd298b6e8d59a
-
SHA512
a4e5d3743d51417f643ee0649b254f5ec1b9efbc5b9c61d72bec4929936c63f307452d615e9180a8de611a41e2123fb39e032b906407d7441000d5a0693135d6
-
SSDEEP
6144:XY6r/4WLLHQ+w5HUc4HbCrIy5YhiPEwV7cG4LfXip1AeUD3BKVmOdk8:XY6z4W3xwStor5M2EwV7SMAeO3ib
Malware Config
Extracted
redline
dzkey
193.106.191.19:47242
-
auth_value
52a449fd61ad73c3abc266d47c699ceb
Targets
-
-
Target
84bbb780ebe96f35146095794522d95bc2ee44074ea44bf1f7bfd298b6e8d59a
-
Size
370KB
-
MD5
ee35ef302f5ef4111de78c275535af7d
-
SHA1
b3767c50a6a43aa63fd539a4275b66317384d4ff
-
SHA256
84bbb780ebe96f35146095794522d95bc2ee44074ea44bf1f7bfd298b6e8d59a
-
SHA512
a4e5d3743d51417f643ee0649b254f5ec1b9efbc5b9c61d72bec4929936c63f307452d615e9180a8de611a41e2123fb39e032b906407d7441000d5a0693135d6
-
SSDEEP
6144:XY6r/4WLLHQ+w5HUc4HbCrIy5YhiPEwV7cG4LfXip1AeUD3BKVmOdk8:XY6z4W3xwStor5M2EwV7SMAeO3ib
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-