General
-
Target
ca7731eecfce2a331dac132bc922fb348bde95306685ed94feb61345f07f10eb
-
Size
390KB
-
Sample
211015-22pmtscdbn
-
MD5
9337232f31140e5dafbe332ade813800
-
SHA1
496231944f348e6ccb37c92074d35784bf1d1053
-
SHA256
ca7731eecfce2a331dac132bc922fb348bde95306685ed94feb61345f07f10eb
-
SHA512
4d87e48da40ead3154e0c6a16c946f125ecba3a153cf65f72044d0f51d73169e43b39065973b139282270f14c9d57b18c866212741dc919e97c82acc263d7d98
Malware Config
Extracted
redline
paladin
37.228.129.48:29795
Targets
-
-
Target
ca7731eecfce2a331dac132bc922fb348bde95306685ed94feb61345f07f10eb
-
Size
390KB
-
MD5
9337232f31140e5dafbe332ade813800
-
SHA1
496231944f348e6ccb37c92074d35784bf1d1053
-
SHA256
ca7731eecfce2a331dac132bc922fb348bde95306685ed94feb61345f07f10eb
-
SHA512
4d87e48da40ead3154e0c6a16c946f125ecba3a153cf65f72044d0f51d73169e43b39065973b139282270f14c9d57b18c866212741dc919e97c82acc263d7d98
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-