General
-
Target
782406ba805056b41702de27ed5889dcc253b353e7e0667241d13e0a088ca696
-
Size
242KB
-
Sample
220815-s53t7afdg3
-
MD5
38d4a07b6bf7aa9afb0120e39d63c33d
-
SHA1
615c12c532722632c57a382e6e358416f2713660
-
SHA256
782406ba805056b41702de27ed5889dcc253b353e7e0667241d13e0a088ca696
-
SHA512
ef9727213f67709d8e1d34ba9c409de9e92545a95789a6d99624832c47fd1341d69f0b899f85583d5e2a98d7e12e74723e19b3189571a504686a209de1fda842
Malware Config
Extracted
redline
FireFox
195.178.120.19:24150
Targets
-
-
Target
782406ba805056b41702de27ed5889dcc253b353e7e0667241d13e0a088ca696
-
Size
242KB
-
MD5
38d4a07b6bf7aa9afb0120e39d63c33d
-
SHA1
615c12c532722632c57a382e6e358416f2713660
-
SHA256
782406ba805056b41702de27ed5889dcc253b353e7e0667241d13e0a088ca696
-
SHA512
ef9727213f67709d8e1d34ba9c409de9e92545a95789a6d99624832c47fd1341d69f0b899f85583d5e2a98d7e12e74723e19b3189571a504686a209de1fda842
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-