General
-
Target
0eead149bb52b06affdfd6d2a54da954914479bb876410e74fe2d28eeea90abb
-
Size
340KB
-
Sample
230203-p16thafc98
-
MD5
4c77ab0fe7f347a68b1fd179ccc257e8
-
SHA1
a78a06835e303b852de055c721247aa47fa87b14
-
SHA256
0eead149bb52b06affdfd6d2a54da954914479bb876410e74fe2d28eeea90abb
-
SHA512
4a24ca874f7b388a6757f5df2630ec224c777924f5f7116f46735339064ef1e8bda63a2365d0bafb1c18c0757c288fff48b7532b36ab6e747ddc9b364c244b4d
-
SSDEEP
6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Malware Config
Extracted
redline
24.01
37.220.86.164:29170
-
auth_value
1c7f0aa21138601b5201a3a4a0123991
Targets
-
-
Target
0eead149bb52b06affdfd6d2a54da954914479bb876410e74fe2d28eeea90abb
-
Size
340KB
-
MD5
4c77ab0fe7f347a68b1fd179ccc257e8
-
SHA1
a78a06835e303b852de055c721247aa47fa87b14
-
SHA256
0eead149bb52b06affdfd6d2a54da954914479bb876410e74fe2d28eeea90abb
-
SHA512
4a24ca874f7b388a6757f5df2630ec224c777924f5f7116f46735339064ef1e8bda63a2365d0bafb1c18c0757c288fff48b7532b36ab6e747ddc9b364c244b4d
-
SSDEEP
6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-