General
-
Target
1929f8edad1a8276ca9f30d12a8cd8a9289a7b305f19f3b77753d3bcbd63dd7e
-
Size
336KB
-
Sample
211021-bp8bashga7
-
MD5
d18d4a79c7f7c1c68be20ab4ba146ee2
-
SHA1
fdb5c5223d80ac9851b6c44d214d005d689aa118
-
SHA256
1929f8edad1a8276ca9f30d12a8cd8a9289a7b305f19f3b77753d3bcbd63dd7e
-
SHA512
c333c6bf68cba2828097c4bbb433c8bdf1c76c3ca5a9d9561dd810461d3c617d21e995afa0590192f074fdbd73e3217abea976f5ab38e69414a73737bfadf544
Malware Config
Extracted
redline
UTS
45.9.20.182:52236
Targets
-
-
Target
1929f8edad1a8276ca9f30d12a8cd8a9289a7b305f19f3b77753d3bcbd63dd7e
-
Size
336KB
-
MD5
d18d4a79c7f7c1c68be20ab4ba146ee2
-
SHA1
fdb5c5223d80ac9851b6c44d214d005d689aa118
-
SHA256
1929f8edad1a8276ca9f30d12a8cd8a9289a7b305f19f3b77753d3bcbd63dd7e
-
SHA512
c333c6bf68cba2828097c4bbb433c8bdf1c76c3ca5a9d9561dd810461d3c617d21e995afa0590192f074fdbd73e3217abea976f5ab38e69414a73737bfadf544
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-