General
-
Target
212af5054aaa478c72d57f9fd5de6765d004dbcfa6bd863784b53a617dc4068a
-
Size
416KB
-
Sample
230321-rn38ysch8y
-
MD5
6f9549d94e05ef71a4ae8afa5e6ddb92
-
SHA1
e58fae07e8887b3896446e91b74dc8add85b430e
-
SHA256
212af5054aaa478c72d57f9fd5de6765d004dbcfa6bd863784b53a617dc4068a
-
SHA512
d3b7363e87b160d96df8f42131ffcf68e39b66f3b0f313a253de708676126a9b6b491a88d74dcf984f77111fdaf466894f7ef4d0a5d44a896c213681cb976cc2
-
SSDEEP
6144:9ycoLW6ZY4dL52s4Gj+hoUrz8KdbYmOd/bLB9VpJWLSQ:9ycoCIY4K/G6hBxbY9bNzWLx
Malware Config
Extracted
redline
fronx2
fronxtracking.com:80
-
auth_value
0a4100df2644a6a6582137d2da2c8bd1
Targets
-
-
Target
212af5054aaa478c72d57f9fd5de6765d004dbcfa6bd863784b53a617dc4068a
-
Size
416KB
-
MD5
6f9549d94e05ef71a4ae8afa5e6ddb92
-
SHA1
e58fae07e8887b3896446e91b74dc8add85b430e
-
SHA256
212af5054aaa478c72d57f9fd5de6765d004dbcfa6bd863784b53a617dc4068a
-
SHA512
d3b7363e87b160d96df8f42131ffcf68e39b66f3b0f313a253de708676126a9b6b491a88d74dcf984f77111fdaf466894f7ef4d0a5d44a896c213681cb976cc2
-
SSDEEP
6144:9ycoLW6ZY4dL52s4Gj+hoUrz8KdbYmOd/bLB9VpJWLSQ:9ycoCIY4K/G6hBxbY9bNzWLx
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-