General
-
Target
c27d02d77c0aec87d90d81b3897c855e5b46eafe893ba8a3c407b2db81c54c0b
-
Size
807KB
-
Sample
210807-bp13pth22n
-
MD5
91b29e0808cf9a3e10099d2dd0391f9f
-
SHA1
d5b547c0942e38bcefc739af927efc1461a6c7a2
-
SHA256
c27d02d77c0aec87d90d81b3897c855e5b46eafe893ba8a3c407b2db81c54c0b
-
SHA512
08ebeb7752248c1ec14ed8645a59ddf087e095bc86286aa7928bf789a6f01f162cd5a7d7d68be0c2ef0aa9d9aef1e859cf466ec90531a020e6e436fa6dc8434b
Malware Config
Extracted
redline
RUZ
sandedean.xyz:80
Targets
-
-
Target
c27d02d77c0aec87d90d81b3897c855e5b46eafe893ba8a3c407b2db81c54c0b
-
Size
807KB
-
MD5
91b29e0808cf9a3e10099d2dd0391f9f
-
SHA1
d5b547c0942e38bcefc739af927efc1461a6c7a2
-
SHA256
c27d02d77c0aec87d90d81b3897c855e5b46eafe893ba8a3c407b2db81c54c0b
-
SHA512
08ebeb7752248c1ec14ed8645a59ddf087e095bc86286aa7928bf789a6f01f162cd5a7d7d68be0c2ef0aa9d9aef1e859cf466ec90531a020e6e436fa6dc8434b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-