General
-
Target
a10a14af2021091a7cf32032ea91b84a.exe
-
Size
715KB
-
Sample
211022-l84gkabeb2
-
MD5
a10a14af2021091a7cf32032ea91b84a
-
SHA1
92fd172a7bf9aefda0e7a2800a2eedaa0152add4
-
SHA256
b93c3342ed056d702f68cda57ccdd6ea92c34addac671f174e7070477cf4c156
-
SHA512
cacf527f11a4c25924ba9e1100438a314ad3e4b6284ef845daac49b6cf511c12535a569c12a12ba2c9aa175f536979417d582cd4046c0c7bc0080ad1669d9f1d
Malware Config
Extracted
redline
22.10
185.215.113.17:7700
Targets
-
-
Target
a10a14af2021091a7cf32032ea91b84a.exe
-
Size
715KB
-
MD5
a10a14af2021091a7cf32032ea91b84a
-
SHA1
92fd172a7bf9aefda0e7a2800a2eedaa0152add4
-
SHA256
b93c3342ed056d702f68cda57ccdd6ea92c34addac671f174e7070477cf4c156
-
SHA512
cacf527f11a4c25924ba9e1100438a314ad3e4b6284ef845daac49b6cf511c12535a569c12a12ba2c9aa175f536979417d582cd4046c0c7bc0080ad1669d9f1d
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-