General
-
Target
file.exe
-
Size
334KB
-
Sample
221216-3hpddsfh28
-
MD5
99df4f3d1d0a30372b860f30d2d4e48b
-
SHA1
ea9e83541fb6fd385f0c688338e5d06272f4b5ef
-
SHA256
c6daba2ea0f0677a58b3dbbf5b39a7a7f7e6e09ffe89e464d3d7e25733d65dab
-
SHA512
f92ef20a5707a860e9c86edaa9efac7a79b2f24223549d3214023d9ce1dbe5f6ac3aed6e8a7944c3c77c6861b064d62d2c2977f26e6ae520b146d9e78ff15ccb
-
SSDEEP
6144:LgSLoxNf/B3C4lop3/X3XzfGNil5XMMVw0CEYeigzp1vD40M2b:LfkxNXB3/loVfXzSi3hV9CTePt1v
Malware Config
Extracted
redline
@2023@
193.106.191.138:32796
-
auth_value
ca057e5baadfd0774a34a6a949cd5e69
Targets
-
-
Target
file.exe
-
Size
334KB
-
MD5
99df4f3d1d0a30372b860f30d2d4e48b
-
SHA1
ea9e83541fb6fd385f0c688338e5d06272f4b5ef
-
SHA256
c6daba2ea0f0677a58b3dbbf5b39a7a7f7e6e09ffe89e464d3d7e25733d65dab
-
SHA512
f92ef20a5707a860e9c86edaa9efac7a79b2f24223549d3214023d9ce1dbe5f6ac3aed6e8a7944c3c77c6861b064d62d2c2977f26e6ae520b146d9e78ff15ccb
-
SSDEEP
6144:LgSLoxNf/B3C4lop3/X3XzfGNil5XMMVw0CEYeigzp1vD40M2b:LfkxNXB3/loVfXzSi3hV9CTePt1v
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-