General
-
Target
a3f11431b3eb5c8adbfe901384b3f677296973d4fa56b9d400122d26fe9e81ff
-
Size
379KB
-
Sample
220525-p29xjsedcr
-
MD5
a0f0b046ed246519cedfe8ce84b4b068
-
SHA1
8bbf8cce2108723801773c1479262cb8dda93b01
-
SHA256
a3f11431b3eb5c8adbfe901384b3f677296973d4fa56b9d400122d26fe9e81ff
-
SHA512
120c42e2e223c37a794fd04ea03e7184b9246ccb6924f825a44c5114f56ba79fabbdecd994bcc4bf8982843bb784013b9be126e8f1868a12717c3440b36155ab
Malware Config
Extracted
redline
top
185.215.113.75:81
-
auth_value
ff6259bc2baf33b54b454aad484fb0ee
Targets
-
-
Target
a3f11431b3eb5c8adbfe901384b3f677296973d4fa56b9d400122d26fe9e81ff
-
Size
379KB
-
MD5
a0f0b046ed246519cedfe8ce84b4b068
-
SHA1
8bbf8cce2108723801773c1479262cb8dda93b01
-
SHA256
a3f11431b3eb5c8adbfe901384b3f677296973d4fa56b9d400122d26fe9e81ff
-
SHA512
120c42e2e223c37a794fd04ea03e7184b9246ccb6924f825a44c5114f56ba79fabbdecd994bcc4bf8982843bb784013b9be126e8f1868a12717c3440b36155ab
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-