General
-
Target
c8cfa4abf719c1bf9c805567848c23d308db567754eba51425ff331834870b9e.zip
-
Size
51KB
-
Sample
230328-ltawpsac48
-
MD5
ed77ec65ea9953f26ce1d860ff1a4ee5
-
SHA1
b959d9b0d9e820557044ea11a2edb2b2d69180f4
-
SHA256
cc567525049018b44b3374693fd3b0bcc1b5033ae04b99a8808033111b2510da
-
SHA512
0726f1b64379727fe9a40bf39acbdce9a0b3357023d05db58fdc8c58f6567ccd307633bab050a701fec7bac2cbe0a65ea0b1f710a17f7f374b4949f45d6c3fd9
-
SSDEEP
1536:UfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBg:Y+MHQFHvtKLvhuBg
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
c8cfa4abf719c1bf9c805567848c23d308db567754eba51425ff331834870b9e
-
Size
175KB
-
MD5
ff580fba67bd407cf1fbbfcf0d61612b
-
SHA1
e778846db56b45d61490803ee4fbb95a8bc14fc2
-
SHA256
c8cfa4abf719c1bf9c805567848c23d308db567754eba51425ff331834870b9e
-
SHA512
1cb3e658ef008d318b73b9aa4ece49cbce312c7dfd767655ef9520083085247c0dc2fba0e598dfbc5d6ede6a42f3a8f0dbf43a78b851a603eabdcca7ed370a14
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-