General
-
Target
9abe35890be140c2100c8c97b46289599f77b7debefabd72eebbc574ff3488de.zip
-
Size
51KB
-
Sample
230329-nbdkzsga58
-
MD5
dcc2c7ed21b3e0e305377935d8984a24
-
SHA1
3cad3d11cce3acebe108570f7a1ff4009d3e1df4
-
SHA256
8a26eead6b9e36588a8c91f1425458b7aa6c4ec06f16d54ccd0071b1c5ff662b
-
SHA512
5834f605d5bec1a2d8cf6ece79526d342cc2d58b1338127469c5c7ec3542d5f5eb43366affa05ecb0f593865d691a3a27beec21c5740bdafd22ede5dae3a2097
-
SSDEEP
1536:xfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBh:l+MHQFHvtKLvhuBh
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
9abe35890be140c2100c8c97b46289599f77b7debefabd72eebbc574ff3488de
-
Size
175KB
-
MD5
84a123c5a57b58688c9c72fa95846334
-
SHA1
737be59797f946c07f48e397b8b503b5b1fffad3
-
SHA256
9abe35890be140c2100c8c97b46289599f77b7debefabd72eebbc574ff3488de
-
SHA512
b8996bee1291d826098314bf4bb7f0c90fd4a9ecab0ed3fb641cb06ea78fdba553dc54549ffc64dd66171da837818441b7abe6b8cf92f04fe6875e1312af3730
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-