General
-
Target
f933255bbb9705afc8bbd246d250fee905dcf5ecf578cb8b73b99613eccd1193.zip
-
Size
51KB
-
Sample
230328-nzh6daag66
-
MD5
fe8357daa1058ed6376464f5890cd1f3
-
SHA1
834a16b808cbdbfe214227bcb72bea916e9d6bc1
-
SHA256
34b2bc237e2393792827606a918c8172820f319ad4c69e8d806b878d99a8d3d9
-
SHA512
e8fea652393df62ba8d3500e33e1a4622ad61486009919471145d14adb3a86d7d07ceae86f271b8d3606f8a52db37e5b4093217e24ea006cec0d4e69f81e17bc
-
SSDEEP
1536:dzqji9WNuVHbtJMvGvdrLg8i9jzrY/27hORdx:dzZ6udbtJMGN3i9Pl4Rdx
Malware Config
Extracted
redline
luza
176.113.115.145:4125
-
auth_value
1261701914d508e02e8b4f25d38bc7f9
Targets
-
-
Target
f933255bbb9705afc8bbd246d250fee905dcf5ecf578cb8b73b99613eccd1193
-
Size
175KB
-
MD5
e40c795ad20ed6abc5dbd4939c07d0d1
-
SHA1
a9b1a7fb1b55c69a9f0a5d92d2ba5b0cafb56e38
-
SHA256
f933255bbb9705afc8bbd246d250fee905dcf5ecf578cb8b73b99613eccd1193
-
SHA512
2ad865cfa168a5ec67b758658758a1f5a79a4b6e6a00631e58a47619748a6e84c3aa2d668eff2fbd0dbf475d7c1d7d6fd7b1626d300f15e65136fed3f472e070
-
SSDEEP
3072:kxqZWZRanU2n0YLxE3I4Ge/N9PhhPxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jr:6qZgYLx+r5Ph
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-