General
-
Target
4c375bb5f06c00277848e3f3462ec3da52c4158d2f7fce3d31b001b552cb070c.zip
-
Size
51KB
-
Sample
230328-lnyetaab89
-
MD5
1de87b63c773f42640f75d459152102b
-
SHA1
cd4c4e8726dae259ed9371e655166038ded12367
-
SHA256
211aae748405bcf05893cc25781a06354e2ecadff1a39646c931684503e716c4
-
SHA512
12b387859cf78b0c3584e50ad2ae0c3c5b112f7c76254744040d8b5ecfc05a93c123440d478fe93382a9c1eb923db60696c99cd343d53ff4f52025f1a741bdb6
-
SSDEEP
1536:8gKh5645RT/D6532Q8zxvZTKmda5IX0H8CM7fs6a8vLNAHv4Jv:8gKh564njDKGQ8zLNdS78uIZIQN
Malware Config
Extracted
redline
vila
193.233.20.33:4125
-
auth_value
94b115d79ddcab0a0fb9dfab8e225c3b
Targets
-
-
Target
4c375bb5f06c00277848e3f3462ec3da52c4158d2f7fce3d31b001b552cb070c
-
Size
175KB
-
MD5
d642d29b28f03f5593e6930cb6a14ef8
-
SHA1
2ef73096290e69d46e3743ce1c4566bd4e783d73
-
SHA256
4c375bb5f06c00277848e3f3462ec3da52c4158d2f7fce3d31b001b552cb070c
-
SHA512
e23f49fa342f048a042e28cb68e0cc2f89ba3355189c409201429874ae8be55fe72b21ab4170772af2f3ecbbf1205bd12f5765f8a8055a7e1e667749c68c74ef
-
SSDEEP
3072:7xqZW11a2kX8fSx3IeJwewI9zhfrxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOZ:NqZkSx3ZJ5zh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-