General
-
Target
ee99ebb5242fcb97bf73e360b27a7cbc100483e46421b8af6676413fbda19a83
-
Size
2.3MB
-
Sample
220417-mg45fshae6
-
MD5
3736170386bcdccc13b0c3f704f8a9d1
-
SHA1
6d67415f28172b241946e090170d230b145c4fe4
-
SHA256
ee99ebb5242fcb97bf73e360b27a7cbc100483e46421b8af6676413fbda19a83
-
SHA512
df9d874c57af6279175eeeb1bfc0b3c1f0f994b0904f5458b6f4ca12cc9df58cb1819698c9b18e46fee5c93ffdc04e61bf2aff3abb633fe08ed6ac8ee2a7fbc0
Malware Config
Extracted
redline
install
193.150.103.38:40169
-
auth_value
7b121606198c8456e17d49ab8c2d0e42
Targets
-
-
Target
ee99ebb5242fcb97bf73e360b27a7cbc100483e46421b8af6676413fbda19a83
-
Size
2.3MB
-
MD5
3736170386bcdccc13b0c3f704f8a9d1
-
SHA1
6d67415f28172b241946e090170d230b145c4fe4
-
SHA256
ee99ebb5242fcb97bf73e360b27a7cbc100483e46421b8af6676413fbda19a83
-
SHA512
df9d874c57af6279175eeeb1bfc0b3c1f0f994b0904f5458b6f4ca12cc9df58cb1819698c9b18e46fee5c93ffdc04e61bf2aff3abb633fe08ed6ac8ee2a7fbc0
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-