General
-
Target
rrun.exe
-
Size
318KB
-
Sample
220601-tsm4msacf2
-
MD5
9265bac2dc2b7c66e3f91abc361ae3d0
-
SHA1
0d91722888ae4a74d1b71290e42f570c24f7d14d
-
SHA256
e6993312f60d0d141c3c666fdfce0b4988d3d8890b7d45d4a68f03daac17be36
-
SHA512
6215f19e727b10790630d960f734815b527889f9a1df3f0591b3edb16b0f7af9f397970fdb27cca9bf8b47b4e5b97e25345d5e703c68e4f612b2e9f597b13c02
Malware Config
Extracted
redline
RuzkiUNIKALNO
193.233.48.58:38989
-
auth_value
c504b04cfbdd4bf85ce6195bcb37fba6
Targets
-
-
Target
rrun.exe
-
Size
318KB
-
MD5
9265bac2dc2b7c66e3f91abc361ae3d0
-
SHA1
0d91722888ae4a74d1b71290e42f570c24f7d14d
-
SHA256
e6993312f60d0d141c3c666fdfce0b4988d3d8890b7d45d4a68f03daac17be36
-
SHA512
6215f19e727b10790630d960f734815b527889f9a1df3f0591b3edb16b0f7af9f397970fdb27cca9bf8b47b4e5b97e25345d5e703c68e4f612b2e9f597b13c02
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-