General
Target: 0fc8b4ab7e4dbad105dbd85cbf26883ef2600db625c54628ba8ce13d897e571e
Size: 292KB
Sample: 230213-3dd2vsgd8v
MD5: 94b0391a774cbe480e42460c3af72cc4
SHA1: 53748da7c20dc63b0afc840b691def7ee5534c93
SHA256: 0fc8b4ab7e4dbad105dbd85cbf26883ef2600db625c54628ba8ce13d897e571e
SHA512: 067f831d54d534e074f6b73bece5c14dd461946603c77a3b19ea14e29785a930542f4c6a5c158c9c155ed87030d6b36c9da954ad5cc680f68b7e2922cafc51d0
SSDEEP: 6144:EuNhhwVLGeU6MxX+EvGgIuqhOFn6bbPlAO:EuXYGeU6ouEvGMqcFn6+
Static task: static1
Malware Config
Extracted
redline
romik
193.233.20.12:4132
auth_value: 8fb78d2889ba0ca42678b59b884e88ff
Targets
Target: 0fc8b4ab7e4dbad105dbd85cbf26883ef2600db625c54628ba8ce13d897e571e
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.