General
-
Target
f828ed6f24aaf5ff2d438c531870b160e6d2d1e843c4f.exe
-
Size
29KB
-
Sample
220125-vmz2pabfe3
-
MD5
1f775be2d4844ba97f48a0c384c11b79
-
SHA1
6d9b2f9ea926c6eb780edfd3e32eae593797b062
-
SHA256
f828ed6f24aaf5ff2d438c531870b160e6d2d1e843c4f9fc881ac60720f57698
-
SHA512
7bec3e27200d92714e6e4970de9dddd7d89efb9393e98ed80d7f1d1a93e453a6bb94f1c5ee266be0fe200e23752f709da5214b6a59e37a441a886315269674d7
Malware Config
Extracted
redline
KANBUCHA
185.215.113.107:1433
Targets
-
-
Target
f828ed6f24aaf5ff2d438c531870b160e6d2d1e843c4f.exe
-
Size
29KB
-
MD5
1f775be2d4844ba97f48a0c384c11b79
-
SHA1
6d9b2f9ea926c6eb780edfd3e32eae593797b062
-
SHA256
f828ed6f24aaf5ff2d438c531870b160e6d2d1e843c4f9fc881ac60720f57698
-
SHA512
7bec3e27200d92714e6e4970de9dddd7d89efb9393e98ed80d7f1d1a93e453a6bb94f1c5ee266be0fe200e23752f709da5214b6a59e37a441a886315269674d7
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-