General
-
Target
9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395
-
Size
467KB
-
Sample
230322-n7atzagf52
-
MD5
be1af041b6208491ac3e908f3388c775
-
SHA1
70f00e3435971af66b66de9753b39443779b3ac7
-
SHA256
9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395
-
SHA512
5ff7a8737ad852d861f4d28cdf1d08ede2a1732c70cafb1e4316eb77f43c53d950ff3a9aab724f19a6f2a4ed290413033f62e82079f75b22884b55471e3396fb
-
SSDEEP
3072:l22GlhgH/sWjuaSl47XMAiPFW6+3FAqev2qVNEzFvpa8NbQigb8vknTidoWNwziD:2Ux08l36qY2qzEBJeiBvXVGiFvC2q
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395
-
Size
467KB
-
MD5
be1af041b6208491ac3e908f3388c775
-
SHA1
70f00e3435971af66b66de9753b39443779b3ac7
-
SHA256
9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395
-
SHA512
5ff7a8737ad852d861f4d28cdf1d08ede2a1732c70cafb1e4316eb77f43c53d950ff3a9aab724f19a6f2a4ed290413033f62e82079f75b22884b55471e3396fb
-
SSDEEP
3072:l22GlhgH/sWjuaSl47XMAiPFW6+3FAqev2qVNEzFvpa8NbQigb8vknTidoWNwziD:2Ux08l36qY2qzEBJeiBvXVGiFvC2q
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-