General
-
Target
a44c9a2a2a586c85b4b4cd98c24e5478.exe
-
Size
441KB
-
Sample
220523-xcwydsefcq
-
MD5
a44c9a2a2a586c85b4b4cd98c24e5478
-
SHA1
8eb2631c34d70353a329c1ac1c5503c752df5d4e
-
SHA256
40a01914555fad4d4e5ffc6d7497500d4340e3b9ffeb62ce8ffc7134487f8d8a
-
SHA512
408df08a51c84ddf886a575ba2d50ca5b38989993297d99ee9cecc8588c568e8da36ee4e4328a3f29240af4031c7d60cf418739101fe29551fe86ab7d9841b58
Malware Config
Extracted
redline
$
91.242.229.130:26402
-
auth_value
81039c9bd8ac8c604b05080ab4a86168
Targets
-
-
Target
a44c9a2a2a586c85b4b4cd98c24e5478.exe
-
Size
441KB
-
MD5
a44c9a2a2a586c85b4b4cd98c24e5478
-
SHA1
8eb2631c34d70353a329c1ac1c5503c752df5d4e
-
SHA256
40a01914555fad4d4e5ffc6d7497500d4340e3b9ffeb62ce8ffc7134487f8d8a
-
SHA512
408df08a51c84ddf886a575ba2d50ca5b38989993297d99ee9cecc8588c568e8da36ee4e4328a3f29240af4031c7d60cf418739101fe29551fe86ab7d9841b58
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-