General
-
Target
d4141ce78e6d94dd6f2f0520d60e0573f908c0e99d065735e7aae9c42e4d9d42
-
Size
389KB
-
Sample
220627-brkysaadf5
-
MD5
c5ebb8f32a8bd4f671271d68b62bb9a9
-
SHA1
799c5031abe1acde40265d6fc189ebc02cf3bfc7
-
SHA256
d4141ce78e6d94dd6f2f0520d60e0573f908c0e99d065735e7aae9c42e4d9d42
-
SHA512
f38e4812d0142187074d66dd3e7aaeee04bd5b303f781b60acedfb26bfa8820c72dadc40b954d2c3821f23774b3f5bfdac9e1532eab86ca7a754125abeef947a
Malware Config
Extracted
redline
RUZKI
193.106.191.246:23196
-
auth_value
121027c094f768a0a0e9b562f6417952
Targets
-
-
Target
d4141ce78e6d94dd6f2f0520d60e0573f908c0e99d065735e7aae9c42e4d9d42
-
Size
389KB
-
MD5
c5ebb8f32a8bd4f671271d68b62bb9a9
-
SHA1
799c5031abe1acde40265d6fc189ebc02cf3bfc7
-
SHA256
d4141ce78e6d94dd6f2f0520d60e0573f908c0e99d065735e7aae9c42e4d9d42
-
SHA512
f38e4812d0142187074d66dd3e7aaeee04bd5b303f781b60acedfb26bfa8820c72dadc40b954d2c3821f23774b3f5bfdac9e1532eab86ca7a754125abeef947a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-