General
-
Target
7d6762a9187e44646e80e0b866d6389128e2caceb9cadb3e535cf36e615ad690
-
Size
551KB
-
Sample
211215-3qnf3aahc9
-
MD5
749f87b58e7faa71de24d4f8487d3c56
-
SHA1
bf0d6bb93a9b2c25ec8a8fdf831da2ee3630aa7d
-
SHA256
7d6762a9187e44646e80e0b866d6389128e2caceb9cadb3e535cf36e615ad690
-
SHA512
dc3cd730b9a5616fa4d261b96d6857947a0342d72008738013fb7fb2981c76139aab6ab6978e05ae880faa02c3e52fb1fc3357b30ccf5afed44f4f3523fd5561
Malware Config
Extracted
redline
mix16.12
185.215.113.70:21508
Targets
-
-
Target
7d6762a9187e44646e80e0b866d6389128e2caceb9cadb3e535cf36e615ad690
-
Size
551KB
-
MD5
749f87b58e7faa71de24d4f8487d3c56
-
SHA1
bf0d6bb93a9b2c25ec8a8fdf831da2ee3630aa7d
-
SHA256
7d6762a9187e44646e80e0b866d6389128e2caceb9cadb3e535cf36e615ad690
-
SHA512
dc3cd730b9a5616fa4d261b96d6857947a0342d72008738013fb7fb2981c76139aab6ab6978e05ae880faa02c3e52fb1fc3357b30ccf5afed44f4f3523fd5561
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-