General
Target: a9959ac2c46261b6d061e0d4d73d5d379d3f3470c9be7bb5d951efc45342bb97
Size: 316KB
Sample: 221123-ry4bpshh27
MD5: 33cd3263865106e58dc0bde2743e61be
SHA1: eef698be023823262eaa3528e866f2c00a702500
SHA256: a9959ac2c46261b6d061e0d4d73d5d379d3f3470c9be7bb5d951efc45342bb97
SHA512: 60be0db9848a9d3b2a95bf0c5b91b306a4e6b6ecc8c784cf400601914c5b1b0fee20f8a03c84c16f055cd63167243e65a01870166f7322a146e9139f90f9e241
SSDEEP: 6144:WN+LhCCtup6zFpuCVCcadTNyZvMIy451DT33A3:WN+wCkKm+2T0ZUIy4fTA3
Static task: static1
Behavioral task: behavioral1
Sample: a9959ac2c46261b6d061e0d4d73d5d379d3f3470c9be7bb5d951efc45342bb97.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
NanoID2022
185.106.92.111:2510
auth_value: d5913c276c6c8b5735246051bef9a412
Targets
Target: a9959ac2c46261b6d061e0d4d73d5d379d3f3470c9be7bb5d951efc45342bb97
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.