General
-
Target
74f3d7ea6f74510060db735eca6f55a266f13d5e07990538086fbfbd97bcb0e0
-
Size
388KB
-
Sample
220626-vknwmsbfem
-
MD5
1ca324fe64fc448ad41ca16295187ccd
-
SHA1
223222df7241efe4115fcf1f2b4383064df1a682
-
SHA256
74f3d7ea6f74510060db735eca6f55a266f13d5e07990538086fbfbd97bcb0e0
-
SHA512
a6616f7ee75a3114c03a3ced8a5cc8eb42eee1715ef56bc8018cf841f70aaeeb6317954e7bd9b4b579a2eaec6495bf8a7268504ebd1ec83252ef94fe8be328ea
Malware Config
Extracted
redline
RUZKI
193.106.191.246:23196
-
auth_value
121027c094f768a0a0e9b562f6417952
Targets
-
-
Target
74f3d7ea6f74510060db735eca6f55a266f13d5e07990538086fbfbd97bcb0e0
-
Size
388KB
-
MD5
1ca324fe64fc448ad41ca16295187ccd
-
SHA1
223222df7241efe4115fcf1f2b4383064df1a682
-
SHA256
74f3d7ea6f74510060db735eca6f55a266f13d5e07990538086fbfbd97bcb0e0
-
SHA512
a6616f7ee75a3114c03a3ced8a5cc8eb42eee1715ef56bc8018cf841f70aaeeb6317954e7bd9b4b579a2eaec6495bf8a7268504ebd1ec83252ef94fe8be328ea
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-