General
-
Target
434ccc368d9d3fca5286889702f72475.exe
-
Size
1.2MB
-
Sample
210506-86azkgeyd2
-
MD5
434ccc368d9d3fca5286889702f72475
-
SHA1
7626c08cf3c773226133e78800a819e57084b2e3
-
SHA256
dc3014452f4f99828129950d9507ab71df2c80daf40250125d8e21961baa079a
-
SHA512
c866cc9c4842676072406bbe45aadc2b1836e196488365787316e8de987b4e7d2d9cc934f2116e603b307cf09fb55e725cf8f04e46bbe6ebb0c713df1e22717b
Malware Config
Targets
-
-
Target
434ccc368d9d3fca5286889702f72475.exe
-
Size
1.2MB
-
MD5
434ccc368d9d3fca5286889702f72475
-
SHA1
7626c08cf3c773226133e78800a819e57084b2e3
-
SHA256
dc3014452f4f99828129950d9507ab71df2c80daf40250125d8e21961baa079a
-
SHA512
c866cc9c4842676072406bbe45aadc2b1836e196488365787316e8de987b4e7d2d9cc934f2116e603b307cf09fb55e725cf8f04e46bbe6ebb0c713df1e22717b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-