General
-
Target
68f8fc9275abfb5bb861728c49fcc24111af0bb63c20d9e405c8692b8a3fbb42
-
Size
284KB
-
Sample
221116-yje4wscf85
-
MD5
a1097a2b3a64e9b13604a5c0fb102add
-
SHA1
9c434d9ce5646425ea1d64a27816a66967998f34
-
SHA256
ed743ca39b8432d94e70955a8704c2ba378b2814caecc5a123e021b132f6c9a0
-
SHA512
87cc4fc530aad8a68ad8a85bedacd9bb92f403d5bd72632f33ef23a1aecf48a8ff22085929f9dd39335f9b962a14e6f4c7d224d90eeb0e3b6a6cac5a401e7e9e
-
SSDEEP
6144:Uu67tHtzUnlHNz5F/7IsTP2hyyMz7YN8yO15d4dvUV8g6vBJ9Xl2V:UPLz8H5n8a2IyMzkeyO15KdQ8goBz1W
Malware Config
Extracted
redline
neruz
193.106.191.27:47242
-
auth_value
0169a8759f3c9be473f782b96a6ff704
Targets
-
-
Target
68f8fc9275abfb5bb861728c49fcc24111af0bb63c20d9e405c8692b8a3fbb42
-
Size
364KB
-
MD5
f922080d9d3eec08b94a39ae34641064
-
SHA1
9fda60e79c7dd500a89045686800b5ba303aed47
-
SHA256
68f8fc9275abfb5bb861728c49fcc24111af0bb63c20d9e405c8692b8a3fbb42
-
SHA512
c1686313ecbd01c7489be5bedb15a47a19169eed6f049b8ee93ecd585247e14dc97e5352fa1059917036acc5acdea36fdf14d6eee939baaa2ce9a44a98c4c1d7
-
SSDEEP
6144:9MCLskKw05BvWfs+KF/7IsTPUhy8Mz7GN8yO15d4TvUV8g6vBvhypqW:9F4a05th8aUI8Mz6eyO15KTQ8goB5yp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-