General
-
Target
9bb15f1d67985affed307b993d7dbdc83aabf9ceb4ac742bc84128bdb9482e1f
-
Size
493KB
-
Sample
230323-aa2drscb86
-
MD5
c90aad766b407d6f6e5b624a6439fd43
-
SHA1
918b3c8cf9eacce209e704f37d92da48790f91c8
-
SHA256
9bb15f1d67985affed307b993d7dbdc83aabf9ceb4ac742bc84128bdb9482e1f
-
SHA512
da394e5beebaa39ed249e4113ccc5c20ba1ecd0888b0ee1d4b89627f6a78617eeef424ada65aaf4e0551326910a3eba308a468588d69c278cbb4f39987cfe9b9
-
SSDEEP
6144:gFfywBDZl4wVgiLjjPdHvl0UayW1DwNnwZ4j:gFfywxZCwV/LvPdPGp1RZ4j
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
9bb15f1d67985affed307b993d7dbdc83aabf9ceb4ac742bc84128bdb9482e1f
-
Size
493KB
-
MD5
c90aad766b407d6f6e5b624a6439fd43
-
SHA1
918b3c8cf9eacce209e704f37d92da48790f91c8
-
SHA256
9bb15f1d67985affed307b993d7dbdc83aabf9ceb4ac742bc84128bdb9482e1f
-
SHA512
da394e5beebaa39ed249e4113ccc5c20ba1ecd0888b0ee1d4b89627f6a78617eeef424ada65aaf4e0551326910a3eba308a468588d69c278cbb4f39987cfe9b9
-
SSDEEP
6144:gFfywBDZl4wVgiLjjPdHvl0UayW1DwNnwZ4j:gFfywxZCwV/LvPdPGp1RZ4j
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-