General
-
Target
rk430005.exe
-
Size
168KB
-
Sample
230411-a1le8she47
-
MD5
6464a92aa53df0900575af514a991687
-
SHA1
b21bc68ddebcdf54182723a01c241b180a01d7be
-
SHA256
53ea526c71d23c786ad00d3297f314b968096e31895837e16f9aa278fa9463bc
-
SHA512
a21ef245c30bd0d36ff9cbdda448190e2f4d656205cff2899b85bd294f76f7a60510307e5345d31f9cab5def914556cdb87f10b0fa4a98c300e076f71946d029
-
SSDEEP
3072:zbo2i9G9tCQUqVY+FRV1Qw88GjEop8e8hb:zbo2ik9E+F9Qw88GjEop
Malware Config
Extracted
redline
zima
176.113.115.145:4125
-
auth_value
2ef701d510c0d27e8a8e3270281678b1
Targets
-
-
Target
rk430005.exe
-
Size
168KB
-
MD5
6464a92aa53df0900575af514a991687
-
SHA1
b21bc68ddebcdf54182723a01c241b180a01d7be
-
SHA256
53ea526c71d23c786ad00d3297f314b968096e31895837e16f9aa278fa9463bc
-
SHA512
a21ef245c30bd0d36ff9cbdda448190e2f4d656205cff2899b85bd294f76f7a60510307e5345d31f9cab5def914556cdb87f10b0fa4a98c300e076f71946d029
-
SSDEEP
3072:zbo2i9G9tCQUqVY+FRV1Qw88GjEop8e8hb:zbo2ik9E+F9Qw88GjEop
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-