General
Target: Genshin_pwAPSK.zip
Size: 6.6MB
Sample: 230712-ktts5scf27
MD5: f3ad2afca4a169c83515d3a2f3af2763
SHA1: 422abd87db87608e01515bd48894629c5109d617
SHA256: 4a99fc5806c37ba4c288f41b0fbd7b7e37e7196f9a142adb1acd57d24ee2e076
SHA512: 0809c17d5865c92323ea9cc9b0d051fce7890ede242648c1079cd1ec735f895ec22ce983992b51845cdd87ff0f33fe558f734a74f7dfae03cbde8d7341d382ef
SSDEEP: 98304:Jzm8NdzxDdVf0ObBYWV7QpCil/OzKGr0nEEXeX0EMokkw1:J1ldRbnV5imvYnEEXeX0ERw1

Static task: static1

Malware Config
Extracted: redline
2
65.21.118.109:42825
auth_value: 94b6263d6b4ea59b523674dfddf3486c

Targets
Target: Genshin_pwAPSK/Genshin_pwAPSK.exe
Size: 655.5MB
MD5: a661688709a110c18c98b093c7635516
SHA1: 4b39e15fe4d0ce5560d3f0749d348dac657bb962
SHA256: 38607130947eb1abe492d68e81f3b393b146a9c631a3101aebe775def4c0123b
SHA512: d838fce78dae4c56abaf6e5cac0d57f121823f92fa56f037e34724fb7b49660cf6251c08144e9322ae174b3448b34ca87145f68ae1d4fc91261df6360bb45015
SSDEEP: 98304:kC0Md5Z5XT1dNfYiFToQVVUJial16fuu5I9Ee9eZioI8Q0:lT5DT1dHFrVna41q9Ee9eZio7

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger