General
Target: 1764-1-0x0000000000E00000-0x0000000001182000-memory.dmp
Size: 3.5MB
Sample: 240229-h8nvbsac79
MD5: c1bf4ed4e2b33fc387350c7f11dcc9db
SHA1: 0f4ce8a340989235e2a6e62f6bfd49a5abf6f789
SHA256: 92c19a5a094a0555b3ca8811af30e58bb14d1ca5aafd213099107292c91719dc
SHA512: ff4e296fbb6483775cd2032f9c91b85d4e114d01462a88d3a58371690f619292243419cbabcb0437d1be8c981128c1951acff4adc5e919f54335a631835a57f3
SSDEEP: 49152:pbNwemY+22boTeIH5TKE1qaXyrpV/daIoR9tHWMDhH4M7y:p5tmO8XI1KEIaXyrpVkhWMD2Mu
Behavioral task
behavioral1
Sample: 1764-1-0x0000000000E00000-0x0000000001182000-memory.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: redline
Botnet: TEST
C2: 185.172.129.234:34244
Targets
Target: 1764-1-0x0000000000E00000-0x0000000001182000-memory.dmp
Size: 3.5MB
MD5: c1bf4ed4e2b33fc387350c7f11dcc9db
SHA1: 0f4ce8a340989235e2a6e62f6bfd49a5abf6f789
SHA256: 92c19a5a094a0555b3ca8811af30e58bb14d1ca5aafd213099107292c91719dc
SHA512: ff4e296fbb6483775cd2032f9c91b85d4e114d01462a88d3a58371690f619292243419cbabcb0437d1be8c981128c1951acff4adc5e919f54335a631835a57f3
SSDEEP: 49152:pbNwemY+22boTeIH5TKE1qaXyrpV/daIoR9tHWMDhH4M7y:p5tmO8XI1KEIaXyrpVkhWMD2Mu

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.