General
-
Target
57ffe96e45e02371ad1176157875182e1d4580a656ba9d74da3e96d34ea0833b
-
Size
558KB
-
Sample
220806-vaym4agger
-
MD5
3bc4a437c6e3c3866b4f408dbeefccae
-
SHA1
3cae70db5b6fa2cd9814cf1d31cf667ea65de042
-
SHA256
57ffe96e45e02371ad1176157875182e1d4580a656ba9d74da3e96d34ea0833b
-
SHA512
312c22fbeb7d1f608290964251be67ffe65f62d78132e33e0a43c23314a61ee14aeafc9ebb68a6ef83a067895b4a968dd4763c88f0cdf828755578d3b25ec25b
Malware Config
Extracted
redline
top1
pemararslava.xyz:80
-
auth_value
e3ff30d1ffe0ffdb11211b351a0179a1
Targets
-
-
Target
57ffe96e45e02371ad1176157875182e1d4580a656ba9d74da3e96d34ea0833b
-
Size
558KB
-
MD5
3bc4a437c6e3c3866b4f408dbeefccae
-
SHA1
3cae70db5b6fa2cd9814cf1d31cf667ea65de042
-
SHA256
57ffe96e45e02371ad1176157875182e1d4580a656ba9d74da3e96d34ea0833b
-
SHA512
312c22fbeb7d1f608290964251be67ffe65f62d78132e33e0a43c23314a61ee14aeafc9ebb68a6ef83a067895b4a968dd4763c88f0cdf828755578d3b25ec25b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-