General
-
Target
b790e6fa3ee877052ac02e27f8e8daaba4488e2b94c2e2f370922efdf472e6bc
-
Size
366KB
-
Sample
211015-qerywsahh8
-
MD5
4cafc6b44baf5ba8383821bf83620cdc
-
SHA1
3af0ae500b703aa92f93a7762e03712ddf7655c0
-
SHA256
b790e6fa3ee877052ac02e27f8e8daaba4488e2b94c2e2f370922efdf472e6bc
-
SHA512
710124f5164c7220ff255ea3512331a09d5c37d64e0646121138a8c578f7f3c69d91d38632c5ab30fd71016f0eaa7cf16a7be0a03c80899386bc5c2c5d0b9774
Malware Config
Extracted
redline
UDP
45.9.20.182:52236
Targets
-
-
Target
b790e6fa3ee877052ac02e27f8e8daaba4488e2b94c2e2f370922efdf472e6bc
-
Size
366KB
-
MD5
4cafc6b44baf5ba8383821bf83620cdc
-
SHA1
3af0ae500b703aa92f93a7762e03712ddf7655c0
-
SHA256
b790e6fa3ee877052ac02e27f8e8daaba4488e2b94c2e2f370922efdf472e6bc
-
SHA512
710124f5164c7220ff255ea3512331a09d5c37d64e0646121138a8c578f7f3c69d91d38632c5ab30fd71016f0eaa7cf16a7be0a03c80899386bc5c2c5d0b9774
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-