General
-
Target
047048dc097a48485b98fd38adb3ca8b0dbc96344d1a9a2dd0df73ed601c0a4e
-
Size
364KB
-
Sample
211019-pemhqsfgf4
-
MD5
c694fcad8279c0398cd98fa94fe35cbd
-
SHA1
4d0a39bc49d317ad3f679a3b0e8d64c3b45495e3
-
SHA256
047048dc097a48485b98fd38adb3ca8b0dbc96344d1a9a2dd0df73ed601c0a4e
-
SHA512
3471895773b08a96fc60aff82211a4444795cf45e0e202b9312b501407b12dd9ee55706025fc75a43a0c0e66e3cbb3e6842b6e702f722c113bec49f64517a086
Malware Config
Extracted
redline
UDP
45.9.20.182:52236
Targets
-
-
Target
047048dc097a48485b98fd38adb3ca8b0dbc96344d1a9a2dd0df73ed601c0a4e
-
Size
364KB
-
MD5
c694fcad8279c0398cd98fa94fe35cbd
-
SHA1
4d0a39bc49d317ad3f679a3b0e8d64c3b45495e3
-
SHA256
047048dc097a48485b98fd38adb3ca8b0dbc96344d1a9a2dd0df73ed601c0a4e
-
SHA512
3471895773b08a96fc60aff82211a4444795cf45e0e202b9312b501407b12dd9ee55706025fc75a43a0c0e66e3cbb3e6842b6e702f722c113bec49f64517a086
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-