General
-
Target
d9e817bfed5b63389936d9e61433b50d.exe
-
Size
347KB
-
Sample
220515-ry5jrsehg8
-
MD5
d9e817bfed5b63389936d9e61433b50d
-
SHA1
43153e495ea1ac4cebdfb011585afd8f722d21e9
-
SHA256
21887d134ef45f8c4702d835a92111e905c94b4359b357f8ced432b80420d416
-
SHA512
de59e992915ecea7d765114a610cdebb3c198d945abdf73dec486eddfb15f3f6456f5e23a73baabe91692929c03537c323d033bc4d411361c12338374ef61660
Malware Config
Extracted
redline
top
iclarinyerac.xyz:80
manellylarii.xyz:80
-
auth_value
b66a08c69f913be894bbfce00805fab1
Targets
-
-
Target
d9e817bfed5b63389936d9e61433b50d.exe
-
Size
347KB
-
MD5
d9e817bfed5b63389936d9e61433b50d
-
SHA1
43153e495ea1ac4cebdfb011585afd8f722d21e9
-
SHA256
21887d134ef45f8c4702d835a92111e905c94b4359b357f8ced432b80420d416
-
SHA512
de59e992915ecea7d765114a610cdebb3c198d945abdf73dec486eddfb15f3f6456f5e23a73baabe91692929c03537c323d033bc4d411361c12338374ef61660
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-