General
-
Target
2e849eafce1814cbbe24eeb9358b61c6d0b8e1dac0195a4ea3161a11280aa438
-
Size
249KB
-
Sample
210926-nwmdmaegc6
-
MD5
8edbc35ec0f0eb1b9bf7576c9f1daf50
-
SHA1
d1d5b82514b97b04ed37ddb9f5da6c11da47f777
-
SHA256
2e849eafce1814cbbe24eeb9358b61c6d0b8e1dac0195a4ea3161a11280aa438
-
SHA512
e9499a05b7e725e18578c4fe9ea17116b2ff371522406fda11477348ddecb3b340fac0673a10183612c01bbf08d7a593378eac3e5f5f64a240064cd7f27fc0b9
Malware Config
Extracted
redline
UTS
45.9.20.20:13441
Targets
-
-
Target
2e849eafce1814cbbe24eeb9358b61c6d0b8e1dac0195a4ea3161a11280aa438
-
Size
249KB
-
MD5
8edbc35ec0f0eb1b9bf7576c9f1daf50
-
SHA1
d1d5b82514b97b04ed37ddb9f5da6c11da47f777
-
SHA256
2e849eafce1814cbbe24eeb9358b61c6d0b8e1dac0195a4ea3161a11280aa438
-
SHA512
e9499a05b7e725e18578c4fe9ea17116b2ff371522406fda11477348ddecb3b340fac0673a10183612c01bbf08d7a593378eac3e5f5f64a240064cd7f27fc0b9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-