General
-
Target
4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817
-
Size
2.0MB
-
Sample
220729-vhk2zabdg5
-
MD5
2eef072591fa615c5a3e8762076210d2
-
SHA1
9d1346230f5d49439bfa5556f9cd35fc2466217b
-
SHA256
4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817
-
SHA512
325f695ebef428c80371c1d1ddf7bbbab71df12c3a695972c38efdb687d1b9f358736832055337fc834a703b5479faba408f5e57d18d8aba5725ac89513118a6
Malware Config
Extracted
redline
Lyla29.07
185.215.113.216:21921
-
auth_value
ce5605b2c036c2c3b7bdfb23dcf5f5a2
Targets
-
-
Target
4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817
-
Size
2.0MB
-
MD5
2eef072591fa615c5a3e8762076210d2
-
SHA1
9d1346230f5d49439bfa5556f9cd35fc2466217b
-
SHA256
4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817
-
SHA512
325f695ebef428c80371c1d1ddf7bbbab71df12c3a695972c38efdb687d1b9f358736832055337fc834a703b5479faba408f5e57d18d8aba5725ac89513118a6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-