General
-
Target
5541649253018c5bd49192f76d3e5046d05cff5278f19274591d75c9c71a0996
-
Size
282KB
-
Sample
230114-w9c14sbh23
-
MD5
28f85d8cd268072ad845e7c3ade6391f
-
SHA1
2633d0a5acb01181f9a88b3ef25fb43a2f529c59
-
SHA256
e07e4a8af1ae828b2f1e882f047cb0cb7afe114d1b5c09cfb600b2afd27665ef
-
SHA512
735760724e65055fc1d7fd002b3e860e75b82819dd7ccc28b7715da49e2fcad7c126c83611bf22e72ca2d7fcc0385b71d5989eecb516afa847ebbf4f0dfb15a6
-
SSDEEP
6144:GV7JztZBDKvetQkkQWH5SBXDsXxxMfd3bnlLGNGycDl6:GV71UvetgFZ60MflZLU6Dc
Malware Config
Extracted
redline
@2023@New
91.215.85.155:32796
-
auth_value
0be5b9b84cd5b707e91a48e341e3f7d7
Targets
-
-
Target
5541649253018c5bd49192f76d3e5046d05cff5278f19274591d75c9c71a0996
-
Size
381KB
-
MD5
b5c9dedaaff50f35df2728f7e747255c
-
SHA1
326ce36f8e1fa4af0062444245ff465125e3413f
-
SHA256
5541649253018c5bd49192f76d3e5046d05cff5278f19274591d75c9c71a0996
-
SHA512
876720bde949830243e6e14ff5837fd54b09543a36570b078a8de76e4b47fa727fd15f7d5e21421e2b65bc8944d100ac07f59612556f891d600b65a00fc1883e
-
SSDEEP
6144:AUkOC00JQszkDKRetQkkQWH5mBXDsXVxMfZAArUppgpRjFE:AUkzGGRetgFZO6MfZTASL
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-