General
-
Target
2008-59-0x0000000001F50000-0x0000000001F70000-memory.dmp
-
Size
128KB
-
Sample
220504-f13bmsfgek
-
MD5
823ebc53d1d22612afeba9c9e8729912
-
SHA1
13ae8b17a9d097557daaacba72f395c88febc0d1
-
SHA256
29b9fee0ab007b68732347d1936615eae9b53c7b9e4d2e85e2aaa8fd71b0e1bf
-
SHA512
1efc39b425afa5956c2aad2927213519a701cb8fbae09ca359a6c9ba7cc6fe8ce6a1255dbee8409f4627f6f6a248194335b21f44281207a33b6def401fc5680d
Malware Config
Extracted
redline
1
45.87.63.175:80
-
auth_value
bee3c59bada67864cb0d4dde954652de
Targets
-
-
Target
2008-59-0x0000000001F50000-0x0000000001F70000-memory.dmp
-
Size
128KB
-
MD5
823ebc53d1d22612afeba9c9e8729912
-
SHA1
13ae8b17a9d097557daaacba72f395c88febc0d1
-
SHA256
29b9fee0ab007b68732347d1936615eae9b53c7b9e4d2e85e2aaa8fd71b0e1bf
-
SHA512
1efc39b425afa5956c2aad2927213519a701cb8fbae09ca359a6c9ba7cc6fe8ce6a1255dbee8409f4627f6f6a248194335b21f44281207a33b6def401fc5680d
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-