General
-
Target
dcea01c5344bb0864c91ae3de3e62f84ea1af78769ea84954fddc2260d62d59a
-
Size
917KB
-
Sample
211125-tbj1nabaa9
-
MD5
f1725bdb4846ca23120fa8e41f220aa5
-
SHA1
7180ddf25565dba99d0a6f7a1b51e35b33cc8f86
-
SHA256
dcea01c5344bb0864c91ae3de3e62f84ea1af78769ea84954fddc2260d62d59a
-
SHA512
929a65a908729733fb5b61ba4b7f022a38e167e2fe5b20b7695a576563150f75edbefd26197edfdac00806666e89e18a335b8c0eae74cfbcb5d2e5de3dd9b754
Malware Config
Targets
-
-
Target
dcea01c5344bb0864c91ae3de3e62f84ea1af78769ea84954fddc2260d62d59a
-
Size
917KB
-
MD5
f1725bdb4846ca23120fa8e41f220aa5
-
SHA1
7180ddf25565dba99d0a6f7a1b51e35b33cc8f86
-
SHA256
dcea01c5344bb0864c91ae3de3e62f84ea1af78769ea84954fddc2260d62d59a
-
SHA512
929a65a908729733fb5b61ba4b7f022a38e167e2fe5b20b7695a576563150f75edbefd26197edfdac00806666e89e18a335b8c0eae74cfbcb5d2e5de3dd9b754
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-