General
-
Target
7f991d43aa3e97b19b8e9f50e538b3906f43ee091fb6b.exe
-
Size
91KB
-
Sample
210504-jdnfc9m9m6
-
MD5
0ba6261401e0f3cff99d77300dfcfea8
-
SHA1
97facb0813150932fcd2c6ae52a305873c208cdd
-
SHA256
7f991d43aa3e97b19b8e9f50e538b3906f43ee091fb6bb99c5256670b47edd33
-
SHA512
2d069264f8a9f0c9b80a5d9f64ac159ac6c073aefa2e179618568e50401715b6c1526bdc4094b1493affccedefa86328dfbe84209b5432669b02a4ddf8d3beec
Malware Config
Extracted
redline
500S
kystearlar.xyz:80
Targets
-
-
Target
7f991d43aa3e97b19b8e9f50e538b3906f43ee091fb6b.exe
-
Size
91KB
-
MD5
0ba6261401e0f3cff99d77300dfcfea8
-
SHA1
97facb0813150932fcd2c6ae52a305873c208cdd
-
SHA256
7f991d43aa3e97b19b8e9f50e538b3906f43ee091fb6bb99c5256670b47edd33
-
SHA512
2d069264f8a9f0c9b80a5d9f64ac159ac6c073aefa2e179618568e50401715b6c1526bdc4094b1493affccedefa86328dfbe84209b5432669b02a4ddf8d3beec
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-