General
-
Target
5375ef2b233bd11d591d18c55819332ceeaa340be40fceee322d6eeff0279ac2.zip
-
Size
51KB
-
Sample
230328-nn56rsaf95
-
MD5
298e3c8df74cd9769af0a564cf98fab3
-
SHA1
3bc8b85fea9329a5a16d7ab62ba2b42d42a0f1d9
-
SHA256
f076162bae958183bdab772fc5b3ce7de5b8503300f5bd5676c03c3a28877c64
-
SHA512
f41b0cf46af1db2d57fa9219f272d67ab5ced07e0308bd275e186c0dbe1775a11b01e314f4f83696c321f1ae79ecc26188d04093c1dfb29d4138e5d2337e8585
-
SSDEEP
768:gtG/l++VpIvJGxNH+Uh4/GJWmgUNx7he1s8CN6xorL20A6pf1EdtWTdjDNR:gM/o+yUU/ez7sNxCyLkeAxDNR
Malware Config
Extracted
redline
dent
193.233.20.33:4125
-
auth_value
e795368557f02e28e8aef6bcb279a3b0
Targets
-
-
Target
5375ef2b233bd11d591d18c55819332ceeaa340be40fceee322d6eeff0279ac2
-
Size
175KB
-
MD5
d6acb112b3124fba08b02c76880be99b
-
SHA1
8be5a87ecdb0decb3750644916737e9da9a2f09c
-
SHA256
5375ef2b233bd11d591d18c55819332ceeaa340be40fceee322d6eeff0279ac2
-
SHA512
55401952ce21db3318baef53ebc0f2e0ac25f20c196b56f761d98aeec040cbd3976983b7c2201d25b01682304357ac7b0362abcb5ccda155ca0c6a248f604981
-
SSDEEP
3072:s9xqZWBJaHEDgXp5lCe159Eh4bxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwY:sHqZV7ljEh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-