General
-
Target
f0aaf1b673a9316c4b899ccc4e12d33e.bin
-
Size
116KB
-
Sample
241213-b252pswmen
-
MD5
5d94283b7257081ee6bf187703d4c970
-
SHA1
4bf045392a4d9ea30efd89d90d415f1a2cbce698
-
SHA256
78a6286951ae1ea0425e2726eb61c6fdaff91731a25c826cc5167f4b2f2eefa1
-
SHA512
4f3853dff3d311b5361e17c8a95a9db3c6c14fae8b6344830e1111c9c6819739fa528878b87bf1cd4060ca898f637d9b8d7bd23840d5f28d587927438ede484c
-
SSDEEP
3072:2HV+nkF0cho46FZj28vPvHlLrNTRd4Lqt2f/el1CLs:GV+A0cp8wMvVXdtt2f/CwA
Malware Config
Extracted
redline
fvcxcx
185.81.68.147:1912
Targets
-
-
Target
fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2.exe
-
Size
300KB
-
MD5
f0aaf1b673a9316c4b899ccc4e12d33e
-
SHA1
294b9c038264d052b3c1c6c80e8f1b109590cf36
-
SHA256
fcc616ecbe31fadf9c30a9baedde66d2ce7ff10c369979fe9c4f8c5f1bff3fc2
-
SHA512
97d149658e9e7a576dfb095d5f6d8956cb185d35f07dd8e769b3b957f92260b5de727eb2685522923d15cd70c16c596aa6354452ac851b985ab44407734b6f21
-
SSDEEP
3072:GcZqf7D34kp/0+mAYkygYdQ0ghnB1fA0PuTVAtkxzF3R4eqiOL2bBOA:GcZqf7DIcnGapB1fA0GTV8krYL
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-