General
-
Target
ca83fd117ff78e8e40cab397b074fa36.bin
-
Size
255KB
-
Sample
230326-cd3gcahb6s
-
MD5
f0f05952c635cba13b25c38d434763bc
-
SHA1
85c0c661e9d10ff2712e8778bff516e9bccaae80
-
SHA256
9e7c2bb19a983d9d8df286342b6b36f6adab7720d04b88c89a1b1bd6728d41fa
-
SHA512
dd1482b6c4d91dba92e162e9d572bcc75fa36b681dd4dcef374975b8d211be9d4409f5287d3442823cdc3304f6bfad2bf7763c88f9d9221f8b9357030b051108
-
SSDEEP
6144:/ep5KSe4E6IAG3edRdz3JP3FR+VPmjwuly:/epcSpE6vZP3j8+jwD
Malware Config
Extracted
redline
dozk
91.215.85.15:25916
-
auth_value
9f1dc4ff242fb8b53742acae0ef96143
Targets
-
-
Target
9e10cd72fd11418ab2c8c2957c0dfbb981a028d34bcfbaa90c671af4f0b92032.exe
-
Size
355KB
-
MD5
ca83fd117ff78e8e40cab397b074fa36
-
SHA1
8d4ed77add391b1f377dace1d6dd11de83cbf4bb
-
SHA256
9e10cd72fd11418ab2c8c2957c0dfbb981a028d34bcfbaa90c671af4f0b92032
-
SHA512
a88894805832f28bd2ccf1ca56769fe419077f0fa4a6942bb0d595a12d26234b8d2f7609c3a7150d0a2bfd4f3efab81255ea47b3508a34da552ca37e906bbc78
-
SSDEEP
6144:ejeDmfF86gnwhqWp3Xf8KHexLRECe4mqtUfJILh4va:GeyfF8YgCBULRwTMUxIN
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-