General
-
Target
0x0006000000023159-173.dat
-
Size
173KB
-
Sample
230608-mr8wdsed43
-
MD5
ef2247008e34cdecb7645ec798a77288
-
SHA1
77d49b2ce9066f73d9899b0d0760d72c054f6d9a
-
SHA256
7366318ae789453f32556d0613e2fe50af245f4f4e6905c1304b01ac237631d0
-
SHA512
8d43e9f0a8141f3e289fface9d0bac1f9c255a508d9edb1c46e80764a926feead57a2081cd0eead7d877f9daebd8bb5a824bfe51a62fa84166dab9cc5a965e2a
-
SSDEEP
1536:gtaPgzl736sv0W7Tp8JFrH4ySLn1nbAxNTIYQ/dbumgzeFra6l0GkR88e8hZ:g6gJBO0y6RbAxNjgOqFra6l/8e8hZ
Malware Config
Extracted
redline
diza
83.97.73.129:19068
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
0x0006000000023159-173.dat
-
Size
173KB
-
MD5
ef2247008e34cdecb7645ec798a77288
-
SHA1
77d49b2ce9066f73d9899b0d0760d72c054f6d9a
-
SHA256
7366318ae789453f32556d0613e2fe50af245f4f4e6905c1304b01ac237631d0
-
SHA512
8d43e9f0a8141f3e289fface9d0bac1f9c255a508d9edb1c46e80764a926feead57a2081cd0eead7d877f9daebd8bb5a824bfe51a62fa84166dab9cc5a965e2a
-
SSDEEP
1536:gtaPgzl736sv0W7Tp8JFrH4ySLn1nbAxNTIYQ/dbumgzeFra6l0GkR88e8hZ:g6gJBO0y6RbAxNjgOqFra6l/8e8hZ
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-