General
-
Target
file.exe
-
Size
311KB
-
Sample
230323-thcj6aaf6y
-
MD5
06be538d980890259f83cc616d397bf4
-
SHA1
083875c97333f278823d3c938d743347c2243357
-
SHA256
ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7
-
SHA512
2086e009666a0eac8392c5c5433e7ededb3193d42bb2fa70e50d7318e32db23966453deadca3bf29ef6afb02bfc94019d2576abba30c10647a90e3de0ae0b25c
-
SSDEEP
3072:v/niGY8XLzFt23TNvXTu56ytWbr1ipANfZQl0q9Uvzfb8eXUjL0B0TtNbVG5ZrkK:328XLptAR/TYmBiWJ3OUjuLbQZ4u6SP
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
file.exe
-
Size
311KB
-
MD5
06be538d980890259f83cc616d397bf4
-
SHA1
083875c97333f278823d3c938d743347c2243357
-
SHA256
ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7
-
SHA512
2086e009666a0eac8392c5c5433e7ededb3193d42bb2fa70e50d7318e32db23966453deadca3bf29ef6afb02bfc94019d2576abba30c10647a90e3de0ae0b25c
-
SSDEEP
3072:v/niGY8XLzFt23TNvXTu56ytWbr1ipANfZQl0q9Uvzfb8eXUjL0B0TtNbVG5ZrkK:328XLptAR/TYmBiWJ3OUjuLbQZ4u6SP
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-