General
Target: install.exe
Size: 455MB
Sample: 230204-1eh14aaa71
MD5: e978d748e3b129089e278595339c9107
SHA1: efebeb35cc9dba6eea6b375315db46d3c9729755
SHA256: 914a521462d40365f01e6adbeca888ce6e8da477c69f9711d567408493ecf0e6
SHA512: d069c77dd867efe232ae6933a610dfcb98066918786d25835c708b8afb8eefae600d1c67448e1497182476b8efb79a4503d1baecb6936b9e404b03d143f86b7f
SSDEEP: 24576:60EmWf5YB0BsfB5Mjr3Cn5YZk4qMWPmpFld4SKvpHNw:6ifYjr3o5YZyPil5KvpHa
Static task: static1
Behavioral task: behavioral1
Sample: install.exe
Resource: win7-20220901-en
Malware Config
Extracted: redline
11
179.43.180.18:22733
auth_value: ea25d6e2e1b88bada14c3c0e27499d81
Targets
Target: install.exe
Size: 455MB
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext