General
-
Target
2424fce48642c5cd8272c92b08a92b7364ad5950ac714f2e0eff7f40ff10c03e
-
Size
313KB
-
Sample
230331-w9jtnadg9z
-
MD5
ce242823bfc1b0daca65e4a8668966e5
-
SHA1
e1d992d537c3dd7340f6dc04e5d7d171e2981c1d
-
SHA256
2424fce48642c5cd8272c92b08a92b7364ad5950ac714f2e0eff7f40ff10c03e
-
SHA512
0a0cff18872a65327cc1ccd730050cb899f5e3cea7db96ac343566bb82f42fe54b31ec9d46f1ee1e596855b35436f12e054695f0c75b0973f6043d54dc59a51e
-
SSDEEP
6144:VGrC/DgPCCG0QSw3oX5ZP8PFyig9pgWH5Ga:saD8CCG0Fw3W5ZkNip5ZG
Malware Config
Extracted
redline
@chicago
185.11.61.125:22344
-
auth_value
21f863e0cbd09d0681058e068d0d1d7f
Targets
-
-
Target
2424fce48642c5cd8272c92b08a92b7364ad5950ac714f2e0eff7f40ff10c03e
-
Size
313KB
-
MD5
ce242823bfc1b0daca65e4a8668966e5
-
SHA1
e1d992d537c3dd7340f6dc04e5d7d171e2981c1d
-
SHA256
2424fce48642c5cd8272c92b08a92b7364ad5950ac714f2e0eff7f40ff10c03e
-
SHA512
0a0cff18872a65327cc1ccd730050cb899f5e3cea7db96ac343566bb82f42fe54b31ec9d46f1ee1e596855b35436f12e054695f0c75b0973f6043d54dc59a51e
-
SSDEEP
6144:VGrC/DgPCCG0QSw3oX5ZP8PFyig9pgWH5Ga:saD8CCG0Fw3W5ZkNip5ZG
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-