General
-
Target
GeForce_Experience_v3.26.0.154.rar
-
Size
1.5MB
-
Sample
221129-t58acafd63
-
MD5
2f776c8b2113e2e8d04e35b9e762da7f
-
SHA1
98a6b296791bf93a6409d6ffca4c0ba74f9cb22b
-
SHA256
07dc440c9f4631800010bbb91098c36e22b4d79671057cb59c168a3811128f30
-
SHA512
eec066812351470e530ff8fd931eb7d717030f2eda10dfeedf8504da946b166a5fa1f74b85d87f918615fe8045aca26a7a7f66015b642dc5f66ebf94bc7f0ad5
-
SSDEEP
49152:yc0/Qq1+Q1ELjOkzA0DoMFQ7SQvIXJWuZ:5Ry187zl47SFJhZ
Malware Config
Extracted
redline
nvidia
213.183.48.211:43785
-
auth_value
ea8bd97e7d7d2074eef904d7e16b358d
Targets
-
-
Target
GeForce_Experience_v3.26.0.154.exe
-
Size
715.0MB
-
MD5
6cbe362f57d05ce7cb0fb6394043efe6
-
SHA1
5e5543eca9e27c936a9e59a5b790e84f6a4c8f4e
-
SHA256
ddc53da82c6f298b883d67d26a6f9fd836d4a08ed53d6f0b610fb24c0b1b7ffa
-
SHA512
3dc7c38501e019a33d7931e06e93d29c0126235d7470c26958658ff126bfb92055024ae9720dc314e3ee30edf9665b838ce6a4e9260286aa78da5b00561db6b7
-
SSDEEP
49152:WgAXu3MfR/d4+Mv4yOWee0n5ofbOclLN9l96J30GY6B7W6l6WYqaqfmpgcy6r:WpSuS+zWV0SV97l9m0fWSIaqfMxy
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-