General
-
Target
4198d7637f0fdd1c204db281d2e7c958ba5deb11db1ad42b0b8171521e5e8a98
-
Size
305KB
-
Sample
220609-nsn32scaa2
-
MD5
738ecb95470694f49d33d12701e78c14
-
SHA1
a78db92a67595aa862cb562f653e57a1a771b35d
-
SHA256
4198d7637f0fdd1c204db281d2e7c958ba5deb11db1ad42b0b8171521e5e8a98
-
SHA512
d4203a4b3b1e05cd556fc61010cf3d0c9304859048cad562e9c500e783079f2e44169d8e2620a8ad8ded0b8e3103f7428fda8dffc3ca4843203f6f3cf006a94c
Malware Config
Extracted
redline
Lyla2
185.215.113.201:21921
-
auth_value
f3b96059847b054b3939cadefd4424ee
Targets
-
-
Target
4198d7637f0fdd1c204db281d2e7c958ba5deb11db1ad42b0b8171521e5e8a98
-
Size
305KB
-
MD5
738ecb95470694f49d33d12701e78c14
-
SHA1
a78db92a67595aa862cb562f653e57a1a771b35d
-
SHA256
4198d7637f0fdd1c204db281d2e7c958ba5deb11db1ad42b0b8171521e5e8a98
-
SHA512
d4203a4b3b1e05cd556fc61010cf3d0c9304859048cad562e9c500e783079f2e44169d8e2620a8ad8ded0b8e3103f7428fda8dffc3ca4843203f6f3cf006a94c
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-