General
-
Target
4ff36debcb16cce699a344441ea9f517d50afc59b8b022bdccca94b20d6a4f40
-
Size
256KB
-
Sample
230103-e1sa1ach8y
-
MD5
2bc81dd0472ad195ff403b2bfd5e87b2
-
SHA1
456785c5fa43cb57d203f2265bfbf23053b4a43c
-
SHA256
0372e42060f29e8831fd5394dad8d23b0236d631db5a223a0480a5c4104a404a
-
SHA512
43bc6ae7b8bcf24923bd77d522ea5352c5188d7ff1b01b9ee806921e183100a712bfc1eb6ef855716af47fe38edf3de7e2a44357b125a81ede1b60241786127c
-
SSDEEP
6144:oH/QdSaYbRYrfnoCz9FPH7RrOG0MBm2+pd+v1e3VH6I:IQB6RYrfoCz9FP9rnBypYedp
Malware Config
Extracted
redline
sport
31.41.244.98:4063
-
auth_value
82cce55eeb56b322651e98032c09d225
Targets
-
-
Target
4ff36debcb16cce699a344441ea9f517d50afc59b8b022bdccca94b20d6a4f40
-
Size
330KB
-
MD5
b54ce05e6493b2221263316bf0ce1106
-
SHA1
510cbc67ea119d18b17381c733e3120fed721e6e
-
SHA256
4ff36debcb16cce699a344441ea9f517d50afc59b8b022bdccca94b20d6a4f40
-
SHA512
f4c08a858d926f3c509add035f0d72494df51eef57939ed820282eda5f777cc806103f75d9d06ae9dcf1b791b6d7a473e17a6b946be1e20317c6effb75703626
-
SSDEEP
6144:MJCLRiAbgduk75BQCz9HPH7RreG0MBm2Wpd+o20:MJC9i/uk75BQCz9HP9rXBSpl20
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-