General
-
Target
c5eca4b42075e50081acaf34dfe32f6702cc1abad5314bdba9471303ad0c1419.zip
-
Size
51KB
-
Sample
230328-mzc4paae58
-
MD5
60a6af174712cf2169da87394e8698b4
-
SHA1
924a41c4414c2d925ffc870679c283d86337bb9f
-
SHA256
47d1ff37dd40a85de462946cb83607e718dbfa709177aaf320f74643cf5f8c99
-
SHA512
9a411653cc23310d00b62305522f1f7f7816e512efe7ee6361cbb207adc82c65f440695b07126ffdb6f4ef2898a38f6231ef06b6f5dd221eedbe99a00220140c
-
SSDEEP
1536:KTU2C1KW+X1pX20w6Q7mwOxaurbncg+AU+s0jDbBc8m:KAr1R+l85U4urb3++DbBg
Malware Config
Extracted
redline
renta
176.113.115.145:4125
-
auth_value
359596fd5b36e9925ade4d9a1846bafb
Targets
-
-
Target
c5eca4b42075e50081acaf34dfe32f6702cc1abad5314bdba9471303ad0c1419
-
Size
175KB
-
MD5
9bf50cf7203c864c7153af834d0d9c34
-
SHA1
db73ececfc7b58cc63eeb5cb6f32290c11b60436
-
SHA256
c5eca4b42075e50081acaf34dfe32f6702cc1abad5314bdba9471303ad0c1419
-
SHA512
cf5c05cb7eecf13ab79c4a8b49c778fc48653cc77fd14935f12fb3dd027ea7c2a69916ef97a9f4f947e0aed056e0b61d3cc1a14002980a91e8ce3ff4bb3ea212
-
SSDEEP
3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-