General
-
Target
29a5c415e896ed48b3c58204df824baa88a029d54503094a5f6158491cc71346
-
Size
348KB
-
Sample
230322-ct8nased73
-
MD5
036abc845519793415c27ab49f7dba01
-
SHA1
b1c35a4568658e4923f5efbd7905413d3ffc2f76
-
SHA256
29a5c415e896ed48b3c58204df824baa88a029d54503094a5f6158491cc71346
-
SHA512
f9d3fa2c74110ea1aa79e3cd0d50920dbdcf37d697fc53949ed276e1e114cdc3084d838bbb33638f3d2d1d9b072da7c046d28a05bbc7387f33461c1991aa3a1e
-
SSDEEP
6144:Ys65/LdLQU6/9RIo79UBf9rjepU2epe9ApNxaF7pn+BgKFcuM:5U/LdEU6/9OC9Obzpbypn+Cd
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
29a5c415e896ed48b3c58204df824baa88a029d54503094a5f6158491cc71346
-
Size
348KB
-
MD5
036abc845519793415c27ab49f7dba01
-
SHA1
b1c35a4568658e4923f5efbd7905413d3ffc2f76
-
SHA256
29a5c415e896ed48b3c58204df824baa88a029d54503094a5f6158491cc71346
-
SHA512
f9d3fa2c74110ea1aa79e3cd0d50920dbdcf37d697fc53949ed276e1e114cdc3084d838bbb33638f3d2d1d9b072da7c046d28a05bbc7387f33461c1991aa3a1e
-
SSDEEP
6144:Ys65/LdLQU6/9RIo79UBf9rjepU2epe9ApNxaF7pn+BgKFcuM:5U/LdEU6/9OC9Obzpbypn+Cd
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-