General
-
Target
e87f7128c4410d07eb01e7a49bda6646.exe
-
Size
367KB
-
Sample
220611-nyfzmaeadk
-
MD5
e87f7128c4410d07eb01e7a49bda6646
-
SHA1
794ef323b303ba664915851a0e9fa15267570739
-
SHA256
96f2acd3f3c6c998c30b6b80dad114fe80c8da58760d5363184266de3e8b863e
-
SHA512
b535d9c13ad0a4fb6020a2a95fe52b89e39444f9e8bb768ab3dfec5b71bca5b047acd55dd0e5f413a60599b30bb9fd672b0334a4dd8b2a58875a828c164e5ae6
Malware Config
Extracted
redline
Lyla2
185.215.113.201:21921
-
auth_value
f3b96059847b054b3939cadefd4424ee
Targets
-
-
Target
e87f7128c4410d07eb01e7a49bda6646.exe
-
Size
367KB
-
MD5
e87f7128c4410d07eb01e7a49bda6646
-
SHA1
794ef323b303ba664915851a0e9fa15267570739
-
SHA256
96f2acd3f3c6c998c30b6b80dad114fe80c8da58760d5363184266de3e8b863e
-
SHA512
b535d9c13ad0a4fb6020a2a95fe52b89e39444f9e8bb768ab3dfec5b71bca5b047acd55dd0e5f413a60599b30bb9fd672b0334a4dd8b2a58875a828c164e5ae6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-