General
-
Target
bbdfa613b1edf7c28ae35b0d240c6a9c1291b544648a38b6d61f54f6f423c55a.zip
-
Size
51KB
-
Sample
230328-ngkw9acc9s
-
MD5
f4b307d486d76ffe118246e1e2301dd9
-
SHA1
cb938deb86f91dc6d41aae6efb7088d01c789c7a
-
SHA256
08cc73c4db752116f05392f043e395298ee7fb780ff6c4e815e53b8eaffd1d4e
-
SHA512
b7802404ef8242b05062d04ece3dc5aa9343c39f719a6b2a1b3af4e8750ea3a5d709ae27dce8412bf9b92dbcb35c6430966ef2991ef0e31d7e3d844a0abde45d
-
SSDEEP
1536:yTU2C1KW+X1pX20w6Q7mwOxaurbncg+AUK+EIXt7mKW:yAr1R+l85U4urb3+QIXBmH
Malware Config
Extracted
redline
renta
176.113.115.145:4125
-
auth_value
359596fd5b36e9925ade4d9a1846bafb
Targets
-
-
Target
bbdfa613b1edf7c28ae35b0d240c6a9c1291b544648a38b6d61f54f6f423c55a
-
Size
175KB
-
MD5
98eee75ec12c465a3c438e0e5b182d61
-
SHA1
3622dd8a592b8acb2e22e8041e2c5da9b367302c
-
SHA256
bbdfa613b1edf7c28ae35b0d240c6a9c1291b544648a38b6d61f54f6f423c55a
-
SHA512
efa992b43c5510f81231cce7318660f490cc7c44e0f6ac2ebd4f3e44a72a3a5ef827b3d8f39d101c47b44be77d8329e0e1ba8449d3f62a3a688c022b15f46007
-
SSDEEP
3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-