General
-
Target
787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
-
Size
278KB
-
Sample
230131-fevdxagc8w
-
MD5
509c42fec4a9b6e905c6aaa7fb97719a
-
SHA1
f3eaaa7205d1511d68315ff4629b37dd9549b355
-
SHA256
787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
-
SHA512
4f017334607e372a3d844f55fed59463371c60ecf7b978a2a65fe955ddfdabb73052611522483d30fd678d30cb7eff3644cca1f76e4a7044c0948175f3a9bdb8
-
SSDEEP
6144:JLQo0LZYr0rFwSXbrvhE1bXmw4Xo6RdwBDQ9xd:JUoUyr07X3vh2bWhLDl
Malware Config
Extracted
redline
fredy
62.204.41.170:4132
-
auth_value
880249eef9593d49a1a3cddf57c5cb35
Targets
-
-
Target
787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
-
Size
278KB
-
MD5
509c42fec4a9b6e905c6aaa7fb97719a
-
SHA1
f3eaaa7205d1511d68315ff4629b37dd9549b355
-
SHA256
787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
-
SHA512
4f017334607e372a3d844f55fed59463371c60ecf7b978a2a65fe955ddfdabb73052611522483d30fd678d30cb7eff3644cca1f76e4a7044c0948175f3a9bdb8
-
SSDEEP
6144:JLQo0LZYr0rFwSXbrvhE1bXmw4Xo6RdwBDQ9xd:JUoUyr07X3vh2bWhLDl
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-