General
-
Target
7dba85a4920b25645867b6cb50dcccd7.exe
-
Size
7.5MB
-
Sample
210510-jrkrss2pha
-
MD5
7dba85a4920b25645867b6cb50dcccd7
-
SHA1
640784e9a780182bedb1229f495ffa18588ff590
-
SHA256
71f02c2c42215c3cdc78cf61bd5f26eaf50c532d74e284c0d850a525cf8d6fa8
-
SHA512
ccd5ed7cdf7455b1ed61114de459ef55d86764cab8135249ddf2266f5827e3a5a05690b0d168e480ad220ec8686610ce6f1fda64a814ca22debd1d2d54da7a56
Malware Config
Extracted
redline
01
45.144.29.2:53335
Targets
-
-
Target
7dba85a4920b25645867b6cb50dcccd7.exe
-
Size
7.5MB
-
MD5
7dba85a4920b25645867b6cb50dcccd7
-
SHA1
640784e9a780182bedb1229f495ffa18588ff590
-
SHA256
71f02c2c42215c3cdc78cf61bd5f26eaf50c532d74e284c0d850a525cf8d6fa8
-
SHA512
ccd5ed7cdf7455b1ed61114de459ef55d86764cab8135249ddf2266f5827e3a5a05690b0d168e480ad220ec8686610ce6f1fda64a814ca22debd1d2d54da7a56
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-