General
-
Target
fadf49176490c92667325c5051cf09e517df5405c10dd862a8940d2e38042e14
-
Size
251KB
-
Sample
230714-yc91pagg7z
-
MD5
3348f71bd92dde7b2a450cfd9cccf378
-
SHA1
ae03597f4aa2c1a946400a3fcefa5627ac8b37b4
-
SHA256
fadf49176490c92667325c5051cf09e517df5405c10dd862a8940d2e38042e14
-
SHA512
d62b13ff9d88207f5f5009383c71bb42589eeb1eb775b3852b3eab2971b38df17b9e15d3d46e31364b18413a723c855c258aa9502f4a5e309ff1818a405239cf
-
SSDEEP
6144:mLdszMkZ/7e4vIrril4yLRT8656XeYsvbXSl:mSgktq4vI3U4oRT86YQvu
Malware Config
Extracted
redline
@Germany
194.26.135.162:2920
-
auth_value
9d15d78194367a949e54a07d6ce02c62
Targets
-
-
Target
fadf49176490c92667325c5051cf09e517df5405c10dd862a8940d2e38042e14
-
Size
251KB
-
MD5
3348f71bd92dde7b2a450cfd9cccf378
-
SHA1
ae03597f4aa2c1a946400a3fcefa5627ac8b37b4
-
SHA256
fadf49176490c92667325c5051cf09e517df5405c10dd862a8940d2e38042e14
-
SHA512
d62b13ff9d88207f5f5009383c71bb42589eeb1eb775b3852b3eab2971b38df17b9e15d3d46e31364b18413a723c855c258aa9502f4a5e309ff1818a405239cf
-
SSDEEP
6144:mLdszMkZ/7e4vIrril4yLRT8656XeYsvbXSl:mSgktq4vI3U4oRT86YQvu
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-