General
-
Target
37006f3fd5b2a8ebd06e763b6dc6665792a79f047c2215fae82da47335000bd1
-
Size
356KB
-
Sample
230327-ps65asfe4s
-
MD5
04a617814138557b44deb44f82b54121
-
SHA1
a1c88fe48640adfcfe33f003c09090f89d34dfa0
-
SHA256
37006f3fd5b2a8ebd06e763b6dc6665792a79f047c2215fae82da47335000bd1
-
SHA512
d9e1a132705ea6fe46cb1605cb216a9359868baf4a85e223b4c52ab68511ae4c8f43271a25aa4b19851fa262ab3a703d9252f1f5db2ee2a94f24430348025c4d
-
SSDEEP
6144:0t8x8iNVTxL4JPp96iuh/WckY83oonLe5sWprT9VLlCX88wzz7EPybg/R:h/vTx8JPyi6kYOLe5skrT9X2/oz7U
Malware Config
Extracted
redline
@chicago
185.11.61.125:22344
-
auth_value
21f863e0cbd09d0681058e068d0d1d7f
Targets
-
-
Target
37006f3fd5b2a8ebd06e763b6dc6665792a79f047c2215fae82da47335000bd1
-
Size
356KB
-
MD5
04a617814138557b44deb44f82b54121
-
SHA1
a1c88fe48640adfcfe33f003c09090f89d34dfa0
-
SHA256
37006f3fd5b2a8ebd06e763b6dc6665792a79f047c2215fae82da47335000bd1
-
SHA512
d9e1a132705ea6fe46cb1605cb216a9359868baf4a85e223b4c52ab68511ae4c8f43271a25aa4b19851fa262ab3a703d9252f1f5db2ee2a94f24430348025c4d
-
SSDEEP
6144:0t8x8iNVTxL4JPp96iuh/WckY83oonLe5sWprT9VLlCX88wzz7EPybg/R:h/vTx8JPyi6kYOLe5skrT9X2/oz7U
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-