General
-
Target
ecbc67f3c47701ca86bd9f2ac66f16fcc47d630268d4febcea8616209c968c34
-
Size
347KB
-
Sample
230323-hnxazaga91
-
MD5
7ef3de123b150103758b5d3102335e85
-
SHA1
4ff11273053819e79c594866ecebf1090cafefd5
-
SHA256
ecbc67f3c47701ca86bd9f2ac66f16fcc47d630268d4febcea8616209c968c34
-
SHA512
097cb1e64f60c6ac60f14210bdc97a116408e6d64551f2a17ad934bb3c8705c278296463fb0a326b13ecac480f369532624208ff310996a20a392c26046067ba
-
SSDEEP
6144:gKJpL3LWk61MQuKawWd++69C/8Fo4fOJoQpD7fSdH5sOd+DTrpaH:VpL36k61MQuK7WdarhzA76dZspDQ
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
ecbc67f3c47701ca86bd9f2ac66f16fcc47d630268d4febcea8616209c968c34
-
Size
347KB
-
MD5
7ef3de123b150103758b5d3102335e85
-
SHA1
4ff11273053819e79c594866ecebf1090cafefd5
-
SHA256
ecbc67f3c47701ca86bd9f2ac66f16fcc47d630268d4febcea8616209c968c34
-
SHA512
097cb1e64f60c6ac60f14210bdc97a116408e6d64551f2a17ad934bb3c8705c278296463fb0a326b13ecac480f369532624208ff310996a20a392c26046067ba
-
SSDEEP
6144:gKJpL3LWk61MQuKawWd++69C/8Fo4fOJoQpD7fSdH5sOd+DTrpaH:VpL36k61MQuK7WdarhzA76dZspDQ
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-