General
-
Target
6cb4196801f3499297946819a996504a322b67e642fb8ba1d7e314ebf1be64d3
-
Size
328KB
-
Sample
230104-v8l2yscd6t
-
MD5
d4580cda55b1d01e534bb417e849ea25
-
SHA1
92e31fc4722636ddeb9bead13aa7d4c545aac072
-
SHA256
e9d7726856dd59eb915cb5039a973a2d89a947c517108102b246a2e7f5d07365
-
SHA512
f77a4b6783a35d97f7801aa8930fe67e5bf4c9e74e86a314d5545763ec7c4283655dd7f8c57410910928771160e99453253321ba3c3fcd7e34775dcfb80fad11
-
SSDEEP
6144:suoqgzfrSFTm8X0He4XnxDN2xdQqMn6HHDFTj/0fOcjjs1fJcjgHf:/wzTSLKeuN2/QlSTj/0miONHf
Malware Config
Extracted
redline
sport
31.41.244.98:4063
-
auth_value
82cce55eeb56b322651e98032c09d225
Targets
-
-
Target
6cb4196801f3499297946819a996504a322b67e642fb8ba1d7e314ebf1be64d3
-
Size
465KB
-
MD5
750c663683e77bff2ce70237f2a10a53
-
SHA1
7bac029ea62844720e70c032f7f845c26361c5b7
-
SHA256
6cb4196801f3499297946819a996504a322b67e642fb8ba1d7e314ebf1be64d3
-
SHA512
5e03a47137284ccf5d57fb1525a6114b1190ba9f5c6631a5132464daacb7ee240d7e8aa219cf653250741c07b5972fb86c997cbf0c635b3c70d134ff485a9f54
-
SSDEEP
6144:fmLVYqhgoGSN0pHe4DnxDv2xdQqMnsHHDtcAloxupmLdwjT:fmWqhDCdekv2/QlpAloxupmLd
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-