General
-
Target
71beece728fdc39c03dca4dd84d30ffe229ca171a66a76dd2452a6ce9434054a.zip
-
Size
51KB
-
Sample
230329-rd99hsgf34
-
MD5
e1a411d55378222144631f64f9fa907f
-
SHA1
ed1fc1d215629c867a74136c0e66b4b595bb9add
-
SHA256
9f0e4e5c997d47d262963323855c41fa4bea41be9b7128fff1afaebb2003a076
-
SHA512
992a134a8cb079acd8001a90f0e66d26e5bf54e813b4b54fd6e369308da20966c011354f137dfc44bcf5a35ac976f3ab8c5ca686f150d733df4f46d485a25755
-
SSDEEP
1536:UfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBM:Y+MHQFHvtKLvhuBM
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
71beece728fdc39c03dca4dd84d30ffe229ca171a66a76dd2452a6ce9434054a
-
Size
175KB
-
MD5
6ad9fa7b49b3b130697e866532d86b2b
-
SHA1
48ef54a6b6f9657f313ea90cb199f774f3c44136
-
SHA256
71beece728fdc39c03dca4dd84d30ffe229ca171a66a76dd2452a6ce9434054a
-
SHA512
d8948ba80aa49c5c7a5e6a03dd3721f5055b0cfacc321a35e898602670565047ab746045ea07732d698d841eec9cc70eb97914f00ca301eda3191581054fb396
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-