General
-
Target
dc08bb32d2c58f89d2c38598c1e3fafef12b69ea5dbfcb4b7431ece37b558be7
-
Size
389KB
-
Sample
220626-n72mpaahcl
-
MD5
22409c56c2acb74d9f2cbe70d88de235
-
SHA1
5edbe2741741f48c3daf1d4e037078efd15ddaef
-
SHA256
dc08bb32d2c58f89d2c38598c1e3fafef12b69ea5dbfcb4b7431ece37b558be7
-
SHA512
2fc883f7a336304645518a1f13915b0e0b654f558efdab5b7231d9c483690ce1c91d1e5545219c3f701b044552e1433b076cf5029122c19bffc30e2e13a90d28
Malware Config
Extracted
redline
RUZKI
193.106.191.246:23196
-
auth_value
121027c094f768a0a0e9b562f6417952
Targets
-
-
Target
dc08bb32d2c58f89d2c38598c1e3fafef12b69ea5dbfcb4b7431ece37b558be7
-
Size
389KB
-
MD5
22409c56c2acb74d9f2cbe70d88de235
-
SHA1
5edbe2741741f48c3daf1d4e037078efd15ddaef
-
SHA256
dc08bb32d2c58f89d2c38598c1e3fafef12b69ea5dbfcb4b7431ece37b558be7
-
SHA512
2fc883f7a336304645518a1f13915b0e0b654f558efdab5b7231d9c483690ce1c91d1e5545219c3f701b044552e1433b076cf5029122c19bffc30e2e13a90d28
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-