General
-
Target
fc0e730c9b09606eb09f91f39d9e780f005bd0f1674ee411cbb0de75acbe4bae
-
Size
50KB
-
Sample
221206-xm4e8aea75
-
MD5
83bb6ec20fefbccd1bf25659448db7f3
-
SHA1
a9c8997f13d943b13dbfe1c63af66c5ad417d9c7
-
SHA256
8c2d79b757d3204f7a4c65b8a609baaa97da44706692a897db4a33101415d592
-
SHA512
a11992ce47d4a4d9fdb2f7df191608b7c38992f31a6cd23ccebf26fbf40453d8028cc4b8e4171ab133d24c6c9d9c5606ce9326f11245417820f6b365b7df49c3
-
SSDEEP
1536:XQtT1zzcqLGFfm/qC0k0CDuV/4FnSu20eTEWX82Gyi7:XQtJHcqwe/qC0CDuKFSHFX8ZJ7
Malware Config
Extracted
redline
nosh
31.41.244.14:4683
-
auth_value
7455ba4498ca1bfb73b0efbf830fb9b4
Targets
-
-
Target
fc0e730c9b09606eb09f91f39d9e780f005bd0f1674ee411cbb0de75acbe4bae
-
Size
175KB
-
MD5
f9021651b165064dfbe6662f543e1792
-
SHA1
104ab0e4fb3302dd77489f9d41ee28b60d06adc0
-
SHA256
fc0e730c9b09606eb09f91f39d9e780f005bd0f1674ee411cbb0de75acbe4bae
-
SHA512
1b747dd451092bfa6115c0993e7ad84b4262cbf4b0b91f6418544d5796d145b9cc6fec8bcf4b6a63644b9458f987469ded3580ac6aa378cb435fe86fe14ab96f
-
SSDEEP
3072:axqZWBJaHEDgXc5De55FshGHxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+cX:IqZVc50sh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-