General
-
Target
6c21c42b564d98a0242600d92dbb9aee.exe
-
Size
192KB
-
Sample
210504-zb83yk6lj6
-
MD5
6c21c42b564d98a0242600d92dbb9aee
-
SHA1
a8e3d6fc12ef1e957b5d3e6fe9e7117106da4486
-
SHA256
b5e9f31e9150c4530dba7fa1d830fdc736ab939aecd563332e0856c7041f3de7
-
SHA512
14bbb29c11add80b42cb8e4c5fb3caf95367de86bd641a1e79e00d04e9cb14ffbd3b4d4fb7c7a027ce14dba81ee2cc60b6489655d414b556e847cae517489650
Malware Config
Extracted
redline
2
213.166.71.146:30027
Targets
-
-
Target
6c21c42b564d98a0242600d92dbb9aee.exe
-
Size
192KB
-
MD5
6c21c42b564d98a0242600d92dbb9aee
-
SHA1
a8e3d6fc12ef1e957b5d3e6fe9e7117106da4486
-
SHA256
b5e9f31e9150c4530dba7fa1d830fdc736ab939aecd563332e0856c7041f3de7
-
SHA512
14bbb29c11add80b42cb8e4c5fb3caf95367de86bd641a1e79e00d04e9cb14ffbd3b4d4fb7c7a027ce14dba81ee2cc60b6489655d414b556e847cae517489650
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-