General
-
Target
0ebb47541a1235ed9088b0370df47d053c31686297462afadb52af0613656d2a
-
Size
274KB
-
Sample
220811-zbptssedf9
-
MD5
2f348265dc336421bfe262214c556783
-
SHA1
f2594654a7de7bc7528f2b0402ce3509633c3fa1
-
SHA256
78612162c291359fe910010160b73d1c77b81c1da8839bbe40bc282ea523d5be
-
SHA512
d273d3da1921d1051dee90aefcf6a58f1ffc726db11edd0101f490bbe8d9658614ae1e7fbe25ed7fb0d144567a202620aaf1723b286b9249ccf5a7c8a9fd1f34
Malware Config
Extracted
redline
ruzki
193.106.191.165:39482
-
auth_value
71a0558c0eea274a5bd617ea85786884
Targets
-
-
Target
0ebb47541a1235ed9088b0370df47d053c31686297462afadb52af0613656d2a
-
Size
355KB
-
MD5
59ee536ee949a44be9f6cb39b9be6904
-
SHA1
8b442e3eb50f6cd6b57c787d2a3f2b699644fd52
-
SHA256
0ebb47541a1235ed9088b0370df47d053c31686297462afadb52af0613656d2a
-
SHA512
964e8941c4f24d8d79df35af467ee29cf4c8a54e48c54f82aa6bcc456617a00cf9798d191948413400d0f5d4d74fc046f09718bff82abe75784063a08e22c976
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-