General
-
Target
490b1c912fde64d281d06f7d4814dbfaa002231a7113c1cd61929a5613b1133b
-
Size
239KB
-
Sample
210926-we4kksfban
-
MD5
1886f33f9e9bc01861c196af35c1cafc
-
SHA1
e70e654f91f16eaa2b884416e14d58442232679f
-
SHA256
490b1c912fde64d281d06f7d4814dbfaa002231a7113c1cd61929a5613b1133b
-
SHA512
ebd9e269bda03ad5a445a3eceff1531c06ea6db4a238fb1ffa97e976ba71ce4307081edd6edf8a9198e3d0862eae2034525217c5fe97d58024540bac7b1aa6bd
Malware Config
Extracted
redline
UDP
45.9.20.20:13441
Targets
-
-
Target
490b1c912fde64d281d06f7d4814dbfaa002231a7113c1cd61929a5613b1133b
-
Size
239KB
-
MD5
1886f33f9e9bc01861c196af35c1cafc
-
SHA1
e70e654f91f16eaa2b884416e14d58442232679f
-
SHA256
490b1c912fde64d281d06f7d4814dbfaa002231a7113c1cd61929a5613b1133b
-
SHA512
ebd9e269bda03ad5a445a3eceff1531c06ea6db4a238fb1ffa97e976ba71ce4307081edd6edf8a9198e3d0862eae2034525217c5fe97d58024540bac7b1aa6bd
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-