General
-
Target
2640c694829c4a7d31175c3a5b9e8c68.exe
-
Size
425KB
-
Sample
230202-w269zsee2w
-
MD5
2640c694829c4a7d31175c3a5b9e8c68
-
SHA1
42604e53f93f32a5fefacf3c0d39c9c5a3f2d66c
-
SHA256
9b937c2d0300b162822d6aefaadd4a05aa6005444a6ebb0c34be78019f50da8d
-
SHA512
79f3c1b93e9b382380e7cde745aa55319f2fadcfa5657cb33afc988235c78a2b20b1e662ef234d0ef28766519c19e88d61bb4fa8199386dd41d00abdd84b332e
-
SSDEEP
12288:UUoavRFka1e7H1vwNJrodCVzWb9CJb7d5ZZ:15KPWnQMzWb9qb7d5n
Malware Config
Extracted
redline
milaf
193.233.20.5:4136
-
auth_value
68aaee25afe3d0ae7d4db09dea02347c
Targets
-
-
Target
2640c694829c4a7d31175c3a5b9e8c68.exe
-
Size
425KB
-
MD5
2640c694829c4a7d31175c3a5b9e8c68
-
SHA1
42604e53f93f32a5fefacf3c0d39c9c5a3f2d66c
-
SHA256
9b937c2d0300b162822d6aefaadd4a05aa6005444a6ebb0c34be78019f50da8d
-
SHA512
79f3c1b93e9b382380e7cde745aa55319f2fadcfa5657cb33afc988235c78a2b20b1e662ef234d0ef28766519c19e88d61bb4fa8199386dd41d00abdd84b332e
-
SSDEEP
12288:UUoavRFka1e7H1vwNJrodCVzWb9CJb7d5ZZ:15KPWnQMzWb9qb7d5n
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-