General

Target: 4eb01ef14cdac74f813b0cf8a581802ee2b605025bc85cb6e4a191165464343c
Size: 331KB
Sample: 230330-j67p4abf82
MD5: 0ecc5b6460e1b2e5e5cff7bf6e01ae91
SHA1: 4de8cc827a7b5858207fea6bc87cbb2c4ddb2b93
SHA256: 4eb01ef14cdac74f813b0cf8a581802ee2b605025bc85cb6e4a191165464343c
SHA512: 9366c438c73816dff7a8eabba0ae0d03ccf4835b7992c7eded7a9cf7a219ad451b25254db62c85fab380d57d23ebf944f21ae8e5851c624f3981db8c4f321a48
SSDEEP: 6144:lxKo4fMvK9Umf7/AHZYanp3VvpLs8tdbNExLLh:mo4fMiamD4HZXnpFvpLs8tdbNEj
Static task: static1
Malware Config

Extracted: redline
Botnet: @chicago
C2: 185.11.61.125:22344
auth_value: 21f863e0cbd09d0681058e068d0d1d7f
Targets

Target: 4eb01ef14cdac74f813b0cf8a581802ee2b605025bc85cb6e4a191165464343c (331KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks installed software on the system
Looks up Uninstall key entries in the registry (the standard location is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, with a WOW6432Node copy for 32-bit software on 64-bit Windows and a per-user copy under HKCU) to enumerate the software installed on the system. Reading these keys is also routine for installers and inventory agents, so on its own it is weak evidence; it is the combination with the extracted C2 endpoint and the known file hashes that identifies this sample.
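The indicators in this report (file hashes, the extracted C2 endpoint, and the Uninstall-key enumeration behaviour), turned into a small matcher that a detection engineer could run over process telemetry. This is an added example, not part of the report or of the sandbox's own tooling; the event dictionaries and the SAMPLE_EVENTS trace are a constructed, simplified schema (real EDR and sandbox event formats differ), and the Uninstall key paths are the standard Windows locations, not paths the report lists.

```python
"""Match the IOCs from the RedLine report above against a process trace.

Added example, not the report's or any vendor's code. Event format is a
constructed, simplified schema: one dict per event with at least "pid" and
"type" ("file", "registry" or "network").
"""
import hashlib
import re

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "0ecc5b6460e1b2e5e5cff7bf6e01ae91",
    "sha1": "4de8cc827a7b5858207fea6bc87cbb2c4ddb2b93",
    "sha256": "4eb01ef14cdac74f813b0cf8a581802ee2b605025bc85cb6e4a191165464343c",
    "sha512": "9366c438c73816dff7a8eabba0ae0d03ccf4835b7992c7eded7a9cf7a219ad45"
              "1b25254db62c85fab380d57d23ebf944f21ae8e5851c624f3981db8c4f321a48",
    "c2_ip": "185.11.61.125",
    "c2_port": 22344,
}

# Standard Windows Uninstall key (HKLM, HKLM\...\WOW6432Node and HKCU all end in
# this suffix). The report only says "Uninstall key entries"; the path is an
# assumption based on where Windows keeps them.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)


def hash_matches(data):
    """Return the names of the report's hashes that the given bytes match."""
    hits = []
    for algo in ("md5", "sha1", "sha256", "sha512"):
        if hashlib.new(algo, data).hexdigest() == REPORT_IOCS[algo]:
            hits.append(algo)
    return hits


def classify_event(evt):
    """Tag one event with the report indicators it matches (may be empty)."""
    tags = []
    etype = evt.get("type")
    if (etype == "network"
            and evt.get("dst_ip") == REPORT_IOCS["c2_ip"]
            and int(evt.get("dst_port", 0)) == REPORT_IOCS["c2_port"]):
        tags.append("c2_connection")
    if (etype == "registry"
            and evt.get("op") in ("open", "query", "enum")
            and UNINSTALL_KEY_RE.search(evt.get("path", ""))):
        tags.append("uninstall_key_enumeration")
    if etype == "file" and evt.get("sha256", "").lower() == REPORT_IOCS["sha256"]:
        tags.append("known_sample_hash")
    return tags


def scan(events):
    """Aggregate tags per process and return {pid: sorted tags} for processes
    worth alerting on. A lone Uninstall-key read is benign noise (installers
    and inventory agents do it), so a process is only reported when it also
    contacts the C2 or is the known sample by hash."""
    per_pid = {}
    for evt in events:
        for tag in classify_event(evt):
            per_pid.setdefault(evt["pid"], set()).add(tag)
    return {pid: sorted(tags) for pid, tags in per_pid.items()
            if "c2_connection" in tags or "known_sample_hash" in tags}


# Constructed trace: pid 4120 behaves like the report, pid 7788 is a benign
# inventory agent that also reads Uninstall keys.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "file", "op": "create_process",
     "image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "sha256": REPORT_IOCS["sha256"]},
    {"pid": 4120, "type": "registry", "op": "open",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "type": "registry", "op": "enum",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "type": "network", "op": "connect",
     "dst_ip": "185.11.61.125", "dst_port": 22344},
    {"pid": 7788, "type": "registry", "op": "query",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chrome"},
    {"pid": 7788, "type": "network", "op": "connect",
     "dst_ip": "10.0.0.5", "dst_port": 443},
]

if __name__ == "__main__":
    for pid, tags in scan(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {', '.join(tags)}")
```

The C2 match is deliberately on both IP and port: RedLine panels move between ports on shared hosting, and matching the bare IP would also hit unrelated tenants on 185.11.61.125. Use `hash_matches` on the file bytes when the trace does not carry a precomputed SHA256.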