General
-
Target
c4d6c31d98bdf1124ef98cf6855747ed1894d3b3ef5ba079613a41324820eff0
-
Size
243KB
-
Sample
210926-rt43fafaa2
-
MD5
b604a850d6bd834c8cd019e0750236a4
-
SHA1
1c75cae1199e75d22d96216662423ff2239be740
-
SHA256
c4d6c31d98bdf1124ef98cf6855747ed1894d3b3ef5ba079613a41324820eff0
-
SHA512
c16fe23f8dfd3069fd14455bcbd48aca0d7013ed54b9e5339dcc380c7207deed26f7a3bdf4f4c55fa30c4e6d65d0bc242367f15397ae01487a7b3d56ad2bf1ac
Malware Config
Extracted
redline
UDP
45.9.20.20:13441
Targets
-
-
Target
c4d6c31d98bdf1124ef98cf6855747ed1894d3b3ef5ba079613a41324820eff0
-
Size
243KB
-
MD5
b604a850d6bd834c8cd019e0750236a4
-
SHA1
1c75cae1199e75d22d96216662423ff2239be740
-
SHA256
c4d6c31d98bdf1124ef98cf6855747ed1894d3b3ef5ba079613a41324820eff0
-
SHA512
c16fe23f8dfd3069fd14455bcbd48aca0d7013ed54b9e5339dcc380c7207deed26f7a3bdf4f4c55fa30c4e6d65d0bc242367f15397ae01487a7b3d56ad2bf1ac
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-