General
-
Target
31d4f47ad55bddd9a9d680e8615f465a.exe
-
Size
238KB
-
Sample
220911-1qgbmsccb8
-
MD5
31d4f47ad55bddd9a9d680e8615f465a
-
SHA1
2ca6292e79723d874b880ec74c436efebae1afd6
-
SHA256
c3d0a98284cbbe82ad3614e2500a08f39ba3ceba167230e03cd94b3e7b3e1818
-
SHA512
636ee400f51b1e0521d5c65355783cb426f9119b25ec3aaa684dab8ff0fd0e023ad2a71777147868d530396cc3be18051024e2fdc7985983ce0a492ecd2ad917
-
SSDEEP
6144:4bk4+epSnUUzBjznD/9PQFeZp9p2mD0RbRP9npX:g4UUFHlQFsjDAn
Malware Config
Extracted
redline
Lyllkal.11.09
185.215.113.216:21921
-
auth_value
993a169a4a695e30b763f440765b0926
Targets
-
-
Target
31d4f47ad55bddd9a9d680e8615f465a.exe
-
Size
238KB
-
MD5
31d4f47ad55bddd9a9d680e8615f465a
-
SHA1
2ca6292e79723d874b880ec74c436efebae1afd6
-
SHA256
c3d0a98284cbbe82ad3614e2500a08f39ba3ceba167230e03cd94b3e7b3e1818
-
SHA512
636ee400f51b1e0521d5c65355783cb426f9119b25ec3aaa684dab8ff0fd0e023ad2a71777147868d530396cc3be18051024e2fdc7985983ce0a492ecd2ad917
-
SSDEEP
6144:4bk4+epSnUUzBjznD/9PQFeZp9p2mD0RbRP9npX:g4UUFHlQFsjDAn
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-