General
-
Target
9ec3eb0b5f8f258137d06e0229b0a64b5f403c1ab387d57e2128344cfaed1e0f
-
Size
336KB
-
Sample
230202-sanrsahd76
-
MD5
6417053c359dd416d8ed7b45b366d3e5
-
SHA1
10fb8f278ebb183c541b3228f85b6db027290ee8
-
SHA256
9ec3eb0b5f8f258137d06e0229b0a64b5f403c1ab387d57e2128344cfaed1e0f
-
SHA512
9549134e2b68b62a593c5eb6549d8f4a09bca0c12c0d0b89362a8e990d51b64633d7cea3175f2ac15d4e7aeb0789137c902bf216e2f7882ec8b9a21cbc55419c
-
SSDEEP
6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Malware Config
Extracted
redline
24.01
37.220.86.164:29170
-
auth_value
1c7f0aa21138601b5201a3a4a0123991
Targets
-
-
Target
9ec3eb0b5f8f258137d06e0229b0a64b5f403c1ab387d57e2128344cfaed1e0f
-
Size
336KB
-
MD5
6417053c359dd416d8ed7b45b366d3e5
-
SHA1
10fb8f278ebb183c541b3228f85b6db027290ee8
-
SHA256
9ec3eb0b5f8f258137d06e0229b0a64b5f403c1ab387d57e2128344cfaed1e0f
-
SHA512
9549134e2b68b62a593c5eb6549d8f4a09bca0c12c0d0b89362a8e990d51b64633d7cea3175f2ac15d4e7aeb0789137c902bf216e2f7882ec8b9a21cbc55419c
-
SSDEEP
6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-