General
-
Target
836367d70c8fee0f38328f3d282989f52700ea6db97c9f1f77f30eab6e0efc4f.zip
-
Size
51KB
-
Sample
230328-mze82sae59
-
MD5
8af98eebf4206d757aebeb8c674aa955
-
SHA1
7dd35427b41b20a7145c754eb2a4e46d80ae9f4f
-
SHA256
6f4719d52d724cea9a88ad65a982340460bd2dc7e70360283ea4ada857a45f5d
-
SHA512
578f51a259dfb6de53cfafce3995648a976d8f21fd8f2c75f7219d3825af9c1b01f29175168ec08c25d09382561f5ae98af101ceef2dfed7c5bf190a7ea6df46
-
SSDEEP
768:ztG/l++VpIvJGxNH+Uh4/GJWmgUNx7he1s8CN6xorL20A6pf1EdtWTdjDNo:zM/o+yUU/ez7sNxCyLkeAxDNo
Malware Config
Extracted
redline
dent
193.233.20.33:4125
-
auth_value
e795368557f02e28e8aef6bcb279a3b0
Targets
-
-
Target
836367d70c8fee0f38328f3d282989f52700ea6db97c9f1f77f30eab6e0efc4f
-
Size
175KB
-
MD5
82efd57cb323092ce0e09737dece8b71
-
SHA1
7924e048c925833124194676836042f98dd8a306
-
SHA256
836367d70c8fee0f38328f3d282989f52700ea6db97c9f1f77f30eab6e0efc4f
-
SHA512
c6c96011ebf866e722678afb7711e14d64db3dd9285baeac8faf74e225689fb7d09add0cb87c3b91b951e127b5bfe050d0a1b60bd3f9f663d8ce15eab01ac565
-
SSDEEP
3072:s9xqZWBJaHEDgXp5lCe159Eh4bxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwY:sHqZV7ljEh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-