General
-
Target
ea33e7b1f13909c73a8add54ba33518350bae327ed50f86b7206c58ab3932501
-
Size
416KB
-
Sample
220521-tfm8wadcdr
-
MD5
5c1d76890d095ce1450a1402db13bdb9
-
SHA1
641b5a9c79af3c03d9281ed4ced1643106279e1d
-
SHA256
ea33e7b1f13909c73a8add54ba33518350bae327ed50f86b7206c58ab3932501
-
SHA512
a648da778a0fa6639e357be949329234e62d4f36acb40b7894c6cf0261ef6045fbb3b7ef266b2ed2964a4d2af751558c439f1b8ed95c8bf9d3611beab2b63787
Malware Config
Extracted
redline
Ruzki
193.233.48.58:38989
-
auth_value
80c38cc7772c328c028b0e4f42a3fac6
Targets
-
-
Target
ea33e7b1f13909c73a8add54ba33518350bae327ed50f86b7206c58ab3932501
-
Size
416KB
-
MD5
5c1d76890d095ce1450a1402db13bdb9
-
SHA1
641b5a9c79af3c03d9281ed4ced1643106279e1d
-
SHA256
ea33e7b1f13909c73a8add54ba33518350bae327ed50f86b7206c58ab3932501
-
SHA512
a648da778a0fa6639e357be949329234e62d4f36acb40b7894c6cf0261ef6045fbb3b7ef266b2ed2964a4d2af751558c439f1b8ed95c8bf9d3611beab2b63787
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-