General
-
Target
e00de360e7176a2fb38e95e7f611d129d37a34262594b347af716d5ca6aaf642
-
Size
370KB
-
Sample
211015-2gfjesbeg8
-
MD5
f045ef294df1f9823cc7662da52f6c01
-
SHA1
b00f1b7388114d6348f0ba779cc91ce79e5d32ee
-
SHA256
e00de360e7176a2fb38e95e7f611d129d37a34262594b347af716d5ca6aaf642
-
SHA512
994a416591f9739dadb2e10dd717eefbb5e2ec5e9e5ec11721be0be2405f13e3494b89031848a7daecd33e6685799e9d702aee258f08fbbeb8c3acdda2be0b55
Malware Config
Extracted
redline
UDP
45.9.20.182:52236
Targets
-
-
Target
e00de360e7176a2fb38e95e7f611d129d37a34262594b347af716d5ca6aaf642
-
Size
370KB
-
MD5
f045ef294df1f9823cc7662da52f6c01
-
SHA1
b00f1b7388114d6348f0ba779cc91ce79e5d32ee
-
SHA256
e00de360e7176a2fb38e95e7f611d129d37a34262594b347af716d5ca6aaf642
-
SHA512
994a416591f9739dadb2e10dd717eefbb5e2ec5e9e5ec11721be0be2405f13e3494b89031848a7daecd33e6685799e9d702aee258f08fbbeb8c3acdda2be0b55
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-