General
-
Target
fc0e730c9b09606eb09f91f39d9e780f005bd0f1674ee411cbb0de75acbe4bae
-
Size
50KB
-
Sample
221207-a5435sdb2z
-
MD5
56395670409f59d38a1d4ee2afe4a25a
-
SHA1
cdd4c7caf5443a73259a1f7d5275b6c7be700d07
-
SHA256
62feaa641e422356c8490e8315d3418dc823064d9d52c6c371b41d8a4d2ed8b8
-
SHA512
71d16f5792bef434f62b6382c991e75add5d044f08cc80e16323c2a67703942b986ea2de64003f843f8e74f8413c38bd376a6739aa8bb4c0f6fd8da97b97db9c
-
SSDEEP
1536:qQtT1zzcqLGFfm/qC0k0CDuV/4FnSu20eTEWX82GyiW:qQtJHcqwe/qC0CDuKFSHFX8ZJW
Malware Config
Extracted
redline
nosh
31.41.244.14:4683
-
auth_value
7455ba4498ca1bfb73b0efbf830fb9b4
Targets
-
-
Target
fc0e730c9b09606eb09f91f39d9e780f005bd0f1674ee411cbb0de75acbe4bae
-
Size
175KB
-
MD5
f9021651b165064dfbe6662f543e1792
-
SHA1
104ab0e4fb3302dd77489f9d41ee28b60d06adc0
-
SHA256
fc0e730c9b09606eb09f91f39d9e780f005bd0f1674ee411cbb0de75acbe4bae
-
SHA512
1b747dd451092bfa6115c0993e7ad84b4262cbf4b0b91f6418544d5796d145b9cc6fec8bcf4b6a63644b9458f987469ded3580ac6aa378cb435fe86fe14ab96f
-
SSDEEP
3072:axqZWBJaHEDgXc5De55FshGHxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+cX:IqZVc50sh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-