General
-
Target
Diplex.exe
-
Size
326KB
-
Sample
211015-17cpsacdaj
-
MD5
8aa179ca062a174c67433dc36e8b0142
-
SHA1
c40e9516dd3dd5ab85dbac13693eea68ac9ef456
-
SHA256
b861fd048ceff8dca345ce5ab41b60c695d845258ecc3bf175a819ee42037f98
-
SHA512
5d452d4db2d6e754cf49eb21d391e63602d248ae9556837aab46eee2fc4f9ed3ec760337e4be7880b8d9028ab15f029a2616b3c3e4e3d462859ab9047013f5c3
Malware Config
Extracted
redline
@cyber2281
95.181.152.5:46927
Targets
-
-
Target
Diplex.exe
-
Size
326KB
-
MD5
8aa179ca062a174c67433dc36e8b0142
-
SHA1
c40e9516dd3dd5ab85dbac13693eea68ac9ef456
-
SHA256
b861fd048ceff8dca345ce5ab41b60c695d845258ecc3bf175a819ee42037f98
-
SHA512
5d452d4db2d6e754cf49eb21d391e63602d248ae9556837aab46eee2fc4f9ed3ec760337e4be7880b8d9028ab15f029a2616b3c3e4e3d462859ab9047013f5c3
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-