General
-
Target
1d300ee007daf635408937a182017cb5.exe
-
Size
379KB
-
Sample
220513-bbpa9secfk
-
MD5
1d300ee007daf635408937a182017cb5
-
SHA1
4f1d5e2da8f6d74acac2b9f8e5439a32521ff7f4
-
SHA256
613e093fee97faa720fa9cf083a2966371df89389bc727b1f2ed57478db109a7
-
SHA512
046b02c0174c3faf098d186e343fe0d059b669005bc247cfac59e3543d4d47d1ca3cd2e1848bee8c09461e660340c0d074e05c85bdc65fd0cf86a5f1df43a7e1
Malware Config
Extracted
redline
777
190.2.145.71:26414
-
auth_value
95fc36a53c042abc459d9368e4f933a4
Targets
-
-
Target
1d300ee007daf635408937a182017cb5.exe
-
Size
379KB
-
MD5
1d300ee007daf635408937a182017cb5
-
SHA1
4f1d5e2da8f6d74acac2b9f8e5439a32521ff7f4
-
SHA256
613e093fee97faa720fa9cf083a2966371df89389bc727b1f2ed57478db109a7
-
SHA512
046b02c0174c3faf098d186e343fe0d059b669005bc247cfac59e3543d4d47d1ca3cd2e1848bee8c09461e660340c0d074e05c85bdc65fd0cf86a5f1df43a7e1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-