General
-
Target
3b1ceda1e24b0eab18a0b467df45c56e859ed5a0d6ee87c47b94eac55c4d380d
-
Size
452KB
-
Sample
230321-vqdb4aeb5v
-
MD5
bbab69b00166f28dcb436c553d956498
-
SHA1
4f75b2e8a8402b9dfc454a19c7f699eee827dac0
-
SHA256
3b1ceda1e24b0eab18a0b467df45c56e859ed5a0d6ee87c47b94eac55c4d380d
-
SHA512
cd3129624a534a1980db781f5801fa10d68db03ac7b3617831bc28593e03e3e7cf9dfd9629a66d9c6823c15edef306598bed8623954aadc313c18b9d6763d707
-
SSDEEP
6144:MObqL8/MpV+N93NrrlmsPx5povmRDGOo9B3a5UZ1LyXlybWdx1:zbqw/MpV+N93FBTPPpAl3sK2KWn1
Malware Config
Extracted
redline
fronx2
fronxtracking.com:80
-
auth_value
0a4100df2644a6a6582137d2da2c8bd1
Targets
-
-
Target
3b1ceda1e24b0eab18a0b467df45c56e859ed5a0d6ee87c47b94eac55c4d380d
-
Size
452KB
-
MD5
bbab69b00166f28dcb436c553d956498
-
SHA1
4f75b2e8a8402b9dfc454a19c7f699eee827dac0
-
SHA256
3b1ceda1e24b0eab18a0b467df45c56e859ed5a0d6ee87c47b94eac55c4d380d
-
SHA512
cd3129624a534a1980db781f5801fa10d68db03ac7b3617831bc28593e03e3e7cf9dfd9629a66d9c6823c15edef306598bed8623954aadc313c18b9d6763d707
-
SSDEEP
6144:MObqL8/MpV+N93NrrlmsPx5povmRDGOo9B3a5UZ1LyXlybWdx1:zbqw/MpV+N93FBTPPpAl3sK2KWn1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-