General
-
Target
fb17c9f94dab9c005ef3b74afcd8a875ef739bcdec18c397951ca3ee9d4cdaca
-
Size
556KB
-
Sample
220129-vt1xkafad4
-
MD5
bebd43d9d455816409c63251edcf4682
-
SHA1
5aa5b6dc7cc7ceab34e7dd143c88d91d8edadb55
-
SHA256
4805565556ae7acccff3929fcb9499ba22ff1d1a18735e65bbdd7a2fc329ba6e
-
SHA512
71fe8c75dfe45d511ea700c032e5f46f4764b5b6e60fd7307d1ff1d3727d3faf676e31f8a5e8c7905797f96fe10d0434f56051a2ca98a1bbc7e53b8752b08fb1
Malware Config
Extracted
redline
mix29.01
185.215.113.70:21508
Targets
-
-
Target
fb17c9f94dab9c005ef3b74afcd8a875ef739bcdec18c397951ca3ee9d4cdaca
-
Size
715KB
-
MD5
b0a610e0ab1e591b9584a277258d8966
-
SHA1
9dd06562a6faba0919e084ff321134b1f46bb813
-
SHA256
fb17c9f94dab9c005ef3b74afcd8a875ef739bcdec18c397951ca3ee9d4cdaca
-
SHA512
ca24b4f933ea1471f1205ea4b6e8621c1cd59a3ffb1165101002e681936791d001d2de5a49e0b0e03252d5a88a853c6e06d4d8177cd5d468b629890ef79cd167
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-