General
- Target: 9c4df49831029d18834890ac5dc30e0cb85889f25d32a9399ffec3a13aa2ba02
- Size: 314KB
- Sample: 230114-r12wnahc93
- MD5: 9bbcf517a993bd304b3cb0b8dafc4d06
- SHA1: 01b0d2519eb18557ace4cb8218b66fe49c9ad2f0
- SHA256: 76316093e802bc5e8691a00eb81ec38933d955a425f1252fee75c35b5153a5c4
- SHA512: 5017d8c4b5d5bc5818ad851b4748add17374e42970bad352144f786cb0f88ac56b4d0df8acc99a09b94b8b999212fee2b352c5907e00b17faf2b09950b00efd5
- SSDEEP: 6144:JfOg0UHcrH2m2GJbvDE4O10Fe3Pgc5UjSJKqdJVdsHruWutaZ1tTPJJ:JmgNyH24Jj3O1XPT8SxVdsHKvcTPJJ
Static task: static1
Behavioral task: behavioral1
- Sample: 9c4df49831029d18834890ac5dc30e0cb85889f25d32a9399ffec3a13aa2ba02.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: @new@2023
- C2: 77.73.133.62:22344
- auth_value: 8284279aedaed026a9b7cb9c1c0be4e4
Targets
- Target: 9c4df49831029d18834890ac5dc30e0cb85889f25d32a9399ffec3a13aa2ba02
- Size: 412KB
- MD5: 1377508ef59f531997632aed6b2d4071
- SHA1: 291c1b4f1c0921087150e3c349e0472640e5ad4b
- SHA256: 9c4df49831029d18834890ac5dc30e0cb85889f25d32a9399ffec3a13aa2ba02
- SHA512: 9de4ac6ddc4649f036021e9b9662fd6d87d1e9011252c0640d2883dc01030c1c7d7e965a69696a57a40689be6d2b808c1fed4199ccc3dfedcbeee81882906721
- SSDEEP: 6144:sRQJd+1BBWjkE/zm2GJblDE4O1QFe3Pkc5UjOJKqdJVdjfhRHfOkpgpRjFE:sqJd2WIEr4JR3O1LPH8OxVdjikSL
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.