General

Target: 5c21069d9a242ee8583b0cf92c6ee80a3c2c0f4b50f451c5d38376c9ee7d83ec
Size: 474KB
Sample: 230125-mnczjsfg43
MD5: 2d23d0ffbe153bb4ebc6f53b2a441da7
SHA1: 4545ca6b1ef2eea782b23670cadbc90f342f0d6e
SHA256: 5c21069d9a242ee8583b0cf92c6ee80a3c2c0f4b50f451c5d38376c9ee7d83ec
SHA512: af803cd2e910447f8fd469c6e3406032da6640ef079703502a11d5596aa22576f616fbac8ff46803eacc64c71e4377635ae2385b035b9477744446ed252012f1
SSDEEP: 12288:2zWqh1DXPMa6vLy5Rp/9lfuntJ37VWR5lzvd:rqTDkasGdFQnt17VWR5Vl
Static task: static1

Malware Config

Extracted (family: redline)
Botnet (build tag): @new@2023
C2: 77.73.133.62:22344
auth_value: 8284279aedaed026a9b7cb9c1c0be4e4

The C2 is a bare host:port rather than a URL; the stealer talks to it over a raw TCP connection, so an egress rule should key on the IP and the non-standard port together, not on an HTTP indicator.
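RedLine's C2 channel is WCF over net.tcp: the client opens the TCP connection and immediately sends a .NET Message Framing (MC-NMF) preamble whose Via record carries the `net.tcp://host:port/` URI of the server. That framing is stable across samples, which makes it a better network indicator than the IP alone. The parser below is an added example written for this page, not code from the sandbox report; that RedLine uses MC-NMF comes from public analyses and is not stated on this page, so treat it as an assumption carried in from outside. The handshake bytes it decodes are constructed inline with `build_preamble`, pointing at the C2 extracted above.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse

# .NET Message Framing (MC-NMF) record types, sent at the start of a WCF
# net.tcp connection before any SOAP envelope.
REC_VERSION, REC_MODE, REC_VIA, REC_KNOWN_ENCODING, REC_PREAMBLE_END = 0x00, 0x01, 0x02, 0x03, 0x0C
MODES = {0x01: "SingletonUnsized", 0x02: "Duplex", 0x03: "Simplex", 0x04: "SingletonSized"}
ENCODINGS = {0x00: "UTF8/SOAP1.1", 0x01: "UTF16/SOAP1.1", 0x02: "UnicodeLE/SOAP1.1",
             0x03: "UTF8/SOAP1.2", 0x04: "UTF16/SOAP1.2", 0x05: "UnicodeLE/SOAP1.2",
             0x06: "MTOM", 0x07: "Binary", 0x08: "BinaryWithInbandDictionary"}


@dataclass
class NmfPreamble:
    mode: str
    via: str
    encoding: str
    host: Optional[str]
    port: Optional[int]


def _read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    """MC-NMF lengths are little-endian 7-bit varints of at most 5 bytes."""
    value, shift = 0, 0
    for _ in range(5):
        if pos >= len(buf):
            raise ValueError("truncated length")
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7
    raise ValueError("length varint too long")


def parse_nmf_preamble(buf: bytes) -> Optional[NmfPreamble]:
    """Decode the client preamble; return None if buf is not MC-NMF."""
    if len(buf) < 3 or buf[:3] != bytes([REC_VERSION, 0x01, 0x00]):
        return None  # Version record must be 00 01 00 (framing version 1.0)
    pos, mode, via, encoding = 3, None, None, None
    try:
        while pos < len(buf):
            rec = buf[pos]
            pos += 1
            if rec == REC_MODE:
                mode = MODES.get(buf[pos])
                pos += 1
            elif rec == REC_VIA:
                n, pos = _read_varint(buf, pos)
                if pos + n > len(buf):
                    return None  # Via string runs past the captured bytes
                via = buf[pos:pos + n].decode("utf-8")
                pos += n
            elif rec == REC_KNOWN_ENCODING:
                encoding = ENCODINGS.get(buf[pos])
                pos += 1
            elif rec == REC_PREAMBLE_END:
                break
            else:
                return None  # unknown record before preamble end: not a handshake
    except (IndexError, ValueError, UnicodeDecodeError):
        return None
    if mode is None or via is None:
        return None
    u = urlparse(via)
    return NmfPreamble(mode, via, encoding or "unknown", u.hostname, u.port)


def matches_c2(buf: bytes, c2: str) -> bool:
    """True if the preamble's Via host:port equals the extracted C2 string."""
    p = parse_nmf_preamble(buf)
    return p is not None and p.host is not None and f"{p.host}:{p.port}" == c2


def build_preamble(via: str, mode: int = 0x02, encoding: int = 0x08) -> bytes:
    """Construct a client preamble. Used here only to fabricate test input;
    Duplex mode with binary-with-dictionary encoding is the combination a
    WCF NetTcpBinding client typically sends."""
    data = via.encode("utf-8")
    n, length = len(data), bytearray()
    while True:  # 7-bit varint, low group first
        length.append((n & 0x7F) | (0x80 if n > 0x7F else 0))
        n >>= 7
        if not n:
            break
    return (bytes([REC_VERSION, 0x01, 0x00, REC_MODE, mode, REC_VIA]) + bytes(length)
            + data + bytes([REC_KNOWN_ENCODING, encoding, REC_PREAMBLE_END]))


if __name__ == "__main__":
    # Constructed first-packet payload aimed at the C2 extracted in this report.
    pkt = build_preamble("net.tcp://77.73.133.62:22344/")
    print(parse_nmf_preamble(pkt))
    print("C2 match:", matches_c2(pkt, "77.73.133.62:22344"))
```

Feed `parse_nmf_preamble` the first client-to-server payload of a flow (from a pcap or a proxy log); anything that is not a valid preamble returns None rather than a partial guess, so an HTTP request or TLS ClientHello on the same port is not misreported. Matching on the Via URI also catches the case where the stealer is repointed to a new IP but keeps the framing.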
Targets

Target: 5c21069d9a242ee8583b0cf92c6ee80a3c2c0f4b50f451c5d38376c9ee7d83ec
Size: 474KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values under General above (same file).
RedLine

RedLine Stealer is a .NET information stealer written in C#, first seen in early 2020 and sold as malware-as-a-service. It harvests browser credentials, cookies and autofill data, cryptocurrency wallet files and FTP/VPN client configurations, profiles the host, and sends the result to a raw-TCP C2 such as the one extracted above.

Signatures

RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up entries under the registry Uninstall key (canonically HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the host, part of the system profile the stealer sends to its operator.
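The "Checks installed software" signature corresponds to reads under the Uninstall key. A single read there is routine (installers and updaters look up their own entry), so the useful host detection is a process sweeping many distinct Uninstall subkeys in a short window. The function below is an added example for this page, not the sandbox's signature logic; the Sysmon-style registry events (key paths in Sysmon's HKLM\... and HKU\<SID>\... notation), the process names and the thresholds are constructed and hypothetical. It covers the native and WOW6432Node views of the key in both machine and per-user hives, which is broader than the single canonical path named above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Sysmon writes registry paths as HKLM\..., HKU\<SID>\... (per-user hives) or
# HKCR\...; match the Uninstall hive in both the native and WOW6432Node views
# and capture the product subkey being read.
UNINSTALL_KEY = re.compile(
    r"^(?:HKLM|HKU\\[^\\]+|HKCU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Uninstall\\(?P<subkey>[^\\]+)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegEvent:
    ts: float    # seconds since capture start
    pid: int
    image: str   # process image path
    key: str     # TargetObject / registry key path


def uninstall_subkey(key: str) -> Optional[str]:
    """Product subkey under ...\\Uninstall\\, or None if the key is elsewhere."""
    m = UNINSTALL_KEY.match(key)
    return m.group("subkey").lower() if m else None


def detect_software_enumeration(events: Iterable[RegEvent], min_subkeys: int = 5,
                                window_s: float = 2.0) -> Dict[Tuple[int, str], int]:
    """Return {(pid, image): peak distinct Uninstall subkeys read within window_s}
    for every process that reached min_subkeys. One or two reads are normal
    (an installer looking itself up); a burst across many products is enumeration."""
    touches = defaultdict(list)
    for e in events:
        sk = uninstall_subkey(e.key)
        if sk is not None:
            touches[(e.pid, e.image)].append((e.ts, sk))
    hits = {}
    for proc, items in touches.items():
        items.sort()
        in_window: Dict[str, int] = {}
        left = peak = 0
        for ts, sk in items:                    # sliding time window over the reads
            in_window[sk] = in_window.get(sk, 0) + 1
            while ts - items[left][0] > window_s:
                old = items[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_subkeys:
            hits[proc] = peak
    return hits


def sample_events() -> list:
    """Constructed Sysmon-style registry events (not taken from the report)."""
    base = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    wow = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
    stealer = r"C:\Users\victim\AppData\Local\Temp\update.exe"   # hypothetical name
    # Stealer-like sweep: six products in 0.25 s, plus the 32-bit view, plus one repeat.
    ev = [RegEvent(10.0 + i * 0.05, 4321, stealer, fr"{base}\Product{i}") for i in range(6)]
    ev += [RegEvent(10.4, 4321, stealer, fr"{wow}\{{A1B2C3D4-0000-0000-0000-000000000001}}")]
    ev += [RegEvent(10.5, 4321, stealer, fr"{base}\Product0")]  # repeat, not a new subkey
    # Benign: an installer checking its own entry, and a service reading an unrelated key.
    ev += [RegEvent(11.0, 777, r"C:\Windows\System32\msiexec.exe", fr"{base}\{{DEADBEEF-1}}")]
    ev += [RegEvent(11.1, 777, r"C:\Windows\System32\msiexec.exe",
                    fr"{base}\{{DEADBEEF-1}}\DisplayName")]
    ev += [RegEvent(12.0, 900, r"C:\Windows\System32\svchost.exe",
                    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")]
    # A slow inventory agent touching one subkey every 30 s never fills the window.
    ev += [RegEvent(100.0 + i * 30, 555, r"C:\Program Files\Inventory\agent.exe",
                    fr"{base}\Slow{i}") for i in range(6)]
    return ev


if __name__ == "__main__":
    for (pid, image), n in detect_software_enumeration(sample_events()).items():
        print(f"pid {pid} {image}: {n} distinct Uninstall subkeys within 2 s")
```

The window and threshold are tuning knobs: inventory agents and package managers do legitimately walk the whole hive, so in production you would allowlist those images rather than raise the threshold until the stealer slips under it.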
MITRE ATT&CK Matrix (tactic columns only; no technique rows are present in this copy): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.