General
-
Target
8c6ddb003ab979259593cd1bdf153cce3e541a256dc2d92aa6d683d895cef51b
-
Size
338KB
-
Sample
230401-h3mp3saa2y
-
MD5
a4b7487fac04de8c15dca6ef82052bd4
-
SHA1
436cb2280cd27ad4f1120dc3c09a1d17fc1a48f9
-
SHA256
8c6ddb003ab979259593cd1bdf153cce3e541a256dc2d92aa6d683d895cef51b
-
SHA512
4efbc86aa7eb14d12262eed2764db8971f01f8a932631446811b7acb1e43182faa578d6d035ed32291674699c0dbf77b73557acfa42e0a3ca4bae4bbc9248378
-
SSDEEP
6144:QFG6whmDbiFyBbPynvGrwgcFV6+lNQC6Uf+4xLXL:yG6wAgyBDrwd6KRvb
Malware Config
Extracted
redline
@chicago
185.11.61.125:22344
-
auth_value
21f863e0cbd09d0681058e068d0d1d7f
Targets
-
-
Target
8c6ddb003ab979259593cd1bdf153cce3e541a256dc2d92aa6d683d895cef51b
-
Size
338KB
-
MD5
a4b7487fac04de8c15dca6ef82052bd4
-
SHA1
436cb2280cd27ad4f1120dc3c09a1d17fc1a48f9
-
SHA256
8c6ddb003ab979259593cd1bdf153cce3e541a256dc2d92aa6d683d895cef51b
-
SHA512
4efbc86aa7eb14d12262eed2764db8971f01f8a932631446811b7acb1e43182faa578d6d035ed32291674699c0dbf77b73557acfa42e0a3ca4bae4bbc9248378
-
SSDEEP
6144:QFG6whmDbiFyBbPynvGrwgcFV6+lNQC6Uf+4xLXL:yG6wAgyBDrwd6KRvb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-