General
-
Target
0ba34b60a32a8a7789024efb1bcd2978e9c4b955f934896e1a10025f1d85da1d.zip
-
Size
51KB
-
Sample
230328-mn7txscb8y
-
MD5
d9d0b544f4c85d2d7adf3dca92d3a3ef
-
SHA1
56d0fccf9489c72dc707b089711709be2dfbb161
-
SHA256
97450b9d22e034c0942e845b41bb7509e53805bee768493646944e7dff0510d2
-
SHA512
74331a0ca98faa424eed9cee74b09b30244fe350be349a0ab0ba363ba6c47c0e77bdef68d1db92c29e491a21375f576826c91554c837f90d231db932cf480919
-
SSDEEP
1536:VNtocHpP9nJmKx9tD/QtCBFJGKIeyok1eIjlY:HtT37DQUvwhe/gxY
Malware Config
Extracted
redline
reiv
193.233.20.33:4125
-
auth_value
5e0113277ad2cf97a9b7e175007f1c55
Targets
-
-
Target
0ba34b60a32a8a7789024efb1bcd2978e9c4b955f934896e1a10025f1d85da1d
-
Size
175KB
-
MD5
ffb23130f252abb05977a90d4b0a62f6
-
SHA1
49e7d0758626ab2f48f1269f826d6e146d864117
-
SHA256
0ba34b60a32a8a7789024efb1bcd2978e9c4b955f934896e1a10025f1d85da1d
-
SHA512
e3f55e263503467215e63156695e6dc72689ad24422c7d6ab7bb2a37b551d0d48efa3b230afa40a2df6c9b78984b17ef1348f58c8c632f229f47b329d5cb8193
-
SSDEEP
3072:6xqZWjfa8oty3BfeT59lhavxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+ca2:oqZCBalh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-