General
-
Target
eacbae9bdaa559182cf794986c6a10c1.exe
-
Size
396KB
-
Sample
211023-ham55scbd5
-
MD5
eacbae9bdaa559182cf794986c6a10c1
-
SHA1
6943b0ec8e128dd473010269b50b494b2cea1401
-
SHA256
6c35facea27417051d4ffccbffd9a353ce00b548b50944d3ef4a246298c037f1
-
SHA512
205b8b8c25ee6cab96a435bc4b9d4eb785c6824cf45ad6bb8d5d851f9dbd43afd313ed029c762a30559d4cdabba49a797ce48778e0fb312e91a479a238459bed
Malware Config
Extracted
redline
wincode
4life.longmusic.com:6640
Targets
-
-
Target
eacbae9bdaa559182cf794986c6a10c1.exe
-
Size
396KB
-
MD5
eacbae9bdaa559182cf794986c6a10c1
-
SHA1
6943b0ec8e128dd473010269b50b494b2cea1401
-
SHA256
6c35facea27417051d4ffccbffd9a353ce00b548b50944d3ef4a246298c037f1
-
SHA512
205b8b8c25ee6cab96a435bc4b9d4eb785c6824cf45ad6bb8d5d851f9dbd43afd313ed029c762a30559d4cdabba49a797ce48778e0fb312e91a479a238459bed
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-