General
-
Target
6be5cc5efeffefe68183f98675f80480edcbfccb11e3552b2e3bb456a65b9477
-
Size
314KB
-
Sample
230331-wpt4wsdf3y
-
MD5
a73b90ec864bff4b63cdc82207ab7787
-
SHA1
c0dc2182514d93201a160276e1b92fceb46ad936
-
SHA256
6be5cc5efeffefe68183f98675f80480edcbfccb11e3552b2e3bb456a65b9477
-
SHA512
bf69c7c7b8aac5aafcc3f629d8eade57bd2f070b23eb14168a1c6ac7b2fff5046cb34d76eef020bb44816a1f34e2db93a5962b10e382865905ee9b949c73022a
-
SSDEEP
3072:D0yeIbgb6/b16p1Oi1o2fASbQpcUhBumuha+RdwprFGMeKUYEwo2dHEGN7vOxAGT:Iz6pKV1aSOtBufArFGM6wovH/wW3V
Malware Config
Extracted
redline
@Germany
185.11.61.125:22344
-
auth_value
9d15d78194367a949e54a07d6ce02c62
Targets
-
-
Target
6be5cc5efeffefe68183f98675f80480edcbfccb11e3552b2e3bb456a65b9477
-
Size
314KB
-
MD5
a73b90ec864bff4b63cdc82207ab7787
-
SHA1
c0dc2182514d93201a160276e1b92fceb46ad936
-
SHA256
6be5cc5efeffefe68183f98675f80480edcbfccb11e3552b2e3bb456a65b9477
-
SHA512
bf69c7c7b8aac5aafcc3f629d8eade57bd2f070b23eb14168a1c6ac7b2fff5046cb34d76eef020bb44816a1f34e2db93a5962b10e382865905ee9b949c73022a
-
SSDEEP
3072:D0yeIbgb6/b16p1Oi1o2fASbQpcUhBumuha+RdwprFGMeKUYEwo2dHEGN7vOxAGT:Iz6pKV1aSOtBufArFGM6wovH/wW3V
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-