General
-
Target
7f708a5ce5363e9fcad36eb7af3dfc0d66f945a5274bda179b3f70f203c8d8b8
-
Size
266KB
-
Sample
220627-k5f2esaafl
-
MD5
c710ffed2565fc05e036141b3edeae4c
-
SHA1
d7ce6c24f5ae1b8117dd208275ca44ae649ddb95
-
SHA256
682dfd922e4b3dc34c842f171c185bb6e5de8214c6c1d35db2f2d3703153e4dc
-
SHA512
d4382b8d8cfb463cf81b04277576c74c77dd887e9675d1ff6bdfae1a785556c5cf184f9b0331a492cff9f63347bb9ce070967283a08bdc106a7630935409c006
Malware Config
Extracted
redline
RUZKI
193.106.191.246:23196
-
auth_value
121027c094f768a0a0e9b562f6417952
Targets
-
-
Target
7f708a5ce5363e9fcad36eb7af3dfc0d66f945a5274bda179b3f70f203c8d8b8
-
Size
389KB
-
MD5
9819eb6628311ff1a48397f99a304b72
-
SHA1
111c10b2822695949b13c82358daa0f43b6bd3e6
-
SHA256
7f708a5ce5363e9fcad36eb7af3dfc0d66f945a5274bda179b3f70f203c8d8b8
-
SHA512
b4b5cbed0c8fc9e2cb6e7ce687500015f612acc67cedc48d12f6f12b71a2dcde77ac2944666e6eab253f2112ffe28c5858400288f814fd4f71a3387227469c54
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-