General
-
Target
2a16fc0b70b571f615da5881354a886c.exe
-
Size
249KB
-
Sample
210926-r7k7gsehdl
-
MD5
2a16fc0b70b571f615da5881354a886c
-
SHA1
17950d882e61e55120b3d0e966f77a5257ac6f2a
-
SHA256
c2a8837895a2f5e54e083b9e939e2b18515b31eef4323694cbffba1bdcf5a1ba
-
SHA512
e82d064970aeb8ce1becf3908c049636facf5fc294810463651a63a5666b6e4c23e8076dbfe1509c4dc322740a72c548a124606e5779df6fd8a28a53612e9fdb
Malware Config
Extracted
redline
PUB
45.9.20.20:13441
Targets
-
-
Target
2a16fc0b70b571f615da5881354a886c.exe
-
Size
249KB
-
MD5
2a16fc0b70b571f615da5881354a886c
-
SHA1
17950d882e61e55120b3d0e966f77a5257ac6f2a
-
SHA256
c2a8837895a2f5e54e083b9e939e2b18515b31eef4323694cbffba1bdcf5a1ba
-
SHA512
e82d064970aeb8ce1becf3908c049636facf5fc294810463651a63a5666b6e4c23e8076dbfe1509c4dc322740a72c548a124606e5779df6fd8a28a53612e9fdb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-