General
-
Target
4be4544201ade85dc34ed3db64a67c7eca8064912c3268eb0a07d5e8ae60e7c2
-
Size
340KB
-
Sample
221111-r2m4wsgc36
-
MD5
906a03e998f7bb7545dbbc1ba626a67b
-
SHA1
d2d143a8b02a59eafb449ce6480dfc242a1e6d88
-
SHA256
4be4544201ade85dc34ed3db64a67c7eca8064912c3268eb0a07d5e8ae60e7c2
-
SHA512
c7590f54c54b15d00d10e07aa770923849512724e57ac6f62fa928dbf0974701221387b7875905529ed1d0356f29764907a67abc129a417649e6b5b17cad2695
-
SSDEEP
6144:MH8JLwOJiM6f9qsQmIF5iNjr209A13NsNqhO5hHKsTTo11d0VKz5b60n6sJFiQ:McJsOJiMhNLiZFi3NMha1AKzpCsz
Malware Config
Extracted
redline
neruzki
193.106.191.22:47242
-
auth_value
be14ae67c6dd227f622680a27ea42452
Targets
-
-
Target
4be4544201ade85dc34ed3db64a67c7eca8064912c3268eb0a07d5e8ae60e7c2
-
Size
340KB
-
MD5
906a03e998f7bb7545dbbc1ba626a67b
-
SHA1
d2d143a8b02a59eafb449ce6480dfc242a1e6d88
-
SHA256
4be4544201ade85dc34ed3db64a67c7eca8064912c3268eb0a07d5e8ae60e7c2
-
SHA512
c7590f54c54b15d00d10e07aa770923849512724e57ac6f62fa928dbf0974701221387b7875905529ed1d0356f29764907a67abc129a417649e6b5b17cad2695
-
SSDEEP
6144:MH8JLwOJiM6f9qsQmIF5iNjr209A13NsNqhO5hHKsTTo11d0VKz5b60n6sJFiQ:McJsOJiMhNLiZFi3NMha1AKzpCsz
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-