General
-
Target
7b7a86135d0dbe803125aa439f96d9b0ab2b4a8e52a0ee0adb8a3e4ab2c4a677.zip
-
Size
51KB
-
Sample
230328-ltjtlsac52
-
MD5
acc2bab8b8dc76cb70c6b38433e01fa9
-
SHA1
1f95f1695a90a975c3b172c003dbe76696bca824
-
SHA256
0009a2a5ab1a6ebb57f4934be3b0cd51f7bef8cd31b35ab634a33e0025f3c37a
-
SHA512
2b61f013f812b4112fab766915e06497da1f6816119e4ae5809754c226593335796497745bbb0585d1bf9ef71e8da56ce95639bf5010aeb3fbd48924a21a8bbf
-
SSDEEP
1536:ioz9vO1IxntdowoGmP3hWCK3qqJc4ETloO8J:ioBO1IxQf7KdJgiJ
Malware Config
Extracted
redline
mola
193.233.20.32:4125
-
auth_value
05a04aa0a7694423bb0210907b41d794
Targets
-
-
Target
7b7a86135d0dbe803125aa439f96d9b0ab2b4a8e52a0ee0adb8a3e4ab2c4a677
-
Size
175KB
-
MD5
0ff1319706c0402fa927638f6bc3d67d
-
SHA1
851a3da11a9d5ae2be66cf468969a9cd52eb8ba3
-
SHA256
7b7a86135d0dbe803125aa439f96d9b0ab2b4a8e52a0ee0adb8a3e4ab2c4a677
-
SHA512
f2acde18fd8ec5942b2e9c1b4719932404890f28226af17c081223de68929c3ed3b3f824e70dbac4873d82fb6f90b74ff1f2e4614d71117d5eaf358d013c6792
-
SSDEEP
3072:jxqZWXragQx+/YbyRx4dXeh59kho/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0ji:1qZWYby7KEkh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-