General
-
Target
e2b2fc4e8297c25e4e2e5796e010004d28553fca9e52c7d5eb4cfac7b1c94e17
-
Size
370KB
-
Sample
211016-erg4nscecl
-
MD5
3d8052cc533e0c624f91668466616826
-
SHA1
a5cc5037ad3615540e5efb00879d33855a99fc27
-
SHA256
e2b2fc4e8297c25e4e2e5796e010004d28553fca9e52c7d5eb4cfac7b1c94e17
-
SHA512
72c97182a3d03094d1d2e1076a462b69092bd074e2dc46117376318fa49fb910239d82fac53961101f1280354f675978831ef7f5a4a82847ffeffe071b8e1cfc
Malware Config
Extracted
redline
UTS
45.9.20.182:52236
Targets
-
-
Target
e2b2fc4e8297c25e4e2e5796e010004d28553fca9e52c7d5eb4cfac7b1c94e17
-
Size
370KB
-
MD5
3d8052cc533e0c624f91668466616826
-
SHA1
a5cc5037ad3615540e5efb00879d33855a99fc27
-
SHA256
e2b2fc4e8297c25e4e2e5796e010004d28553fca9e52c7d5eb4cfac7b1c94e17
-
SHA512
72c97182a3d03094d1d2e1076a462b69092bd074e2dc46117376318fa49fb910239d82fac53961101f1280354f675978831ef7f5a4a82847ffeffe071b8e1cfc
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-