General
-
Target
516a0e7606deec9f838d4b83c398a5e9643bce8629d4cacc0c971e830c9983b7.exe
-
Size
428KB
-
Sample
221116-ryxh6aff8s
-
MD5
98e5d159ec5cbda3dbb955b0b28c805a
-
SHA1
e7d4d7ba0de42a26efd1c49b85024422649f0e14
-
SHA256
516a0e7606deec9f838d4b83c398a5e9643bce8629d4cacc0c971e830c9983b7
-
SHA512
3eb3b626b1007b0b053baade69f0a43b8484c2ccd9b8742dad713d017db9041dc34b50c42d66eeeea7f464be9dad81459dd8383897d9e15b516c53809eb4cd3f
-
SSDEEP
6144:WuCtjLnQOSKWu5RfoPVieOhTEJfpEw/lIV9N00UMiEndTQ:WBlLQOSiOVVYEJfpJW/1iUdT
Malware Config
Extracted
redline
neruz
193.106.191.27:47242
-
auth_value
0169a8759f3c9be473f782b96a6ff704
Targets
-
-
Target
516a0e7606deec9f838d4b83c398a5e9643bce8629d4cacc0c971e830c9983b7.exe
-
Size
428KB
-
MD5
98e5d159ec5cbda3dbb955b0b28c805a
-
SHA1
e7d4d7ba0de42a26efd1c49b85024422649f0e14
-
SHA256
516a0e7606deec9f838d4b83c398a5e9643bce8629d4cacc0c971e830c9983b7
-
SHA512
3eb3b626b1007b0b053baade69f0a43b8484c2ccd9b8742dad713d017db9041dc34b50c42d66eeeea7f464be9dad81459dd8383897d9e15b516c53809eb4cd3f
-
SSDEEP
6144:WuCtjLnQOSKWu5RfoPVieOhTEJfpEw/lIV9N00UMiEndTQ:WBlLQOSiOVVYEJfpJW/1iUdT
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-