General
-
Target
6cd2c786beaa8465fb5c7d16772eddbff0ec333137c2a0b941a05be702ad7361
-
Size
919KB
-
Sample
230615-y8akpsah8x
-
MD5
a4cb723eac0a4af0111cd90753e30baa
-
SHA1
67f286e92bba413fe03f5ad0a3fcf97136d8deb4
-
SHA256
6cd2c786beaa8465fb5c7d16772eddbff0ec333137c2a0b941a05be702ad7361
-
SHA512
1140543086f466395627dce34bc88e27a694075f7b883410af6bc7cbee78e2e2b8993cd611ab9e9a86f13b6c19c9f636d9665e690346b56dc9d1551b6095e687
-
SSDEEP
24576:Bzk8qJFCnLDrZTX7cukFHpmK8yjjQWAWv8UEcrStKqhlOy88zbCzBj7ZyIBNftyc:dneUnLf17cuSpd8yjjLAWv8UEcrStKq8
Malware Config
Extracted
redline
HEXO-SOFTWARE
amrican-sport-live-stream.cc:4581
-
auth_value
fea440ffae02b6f56d7b00fe8105ccb8
Targets
-
-
Target
6cd2c786beaa8465fb5c7d16772eddbff0ec333137c2a0b941a05be702ad7361
-
Size
919KB
-
MD5
a4cb723eac0a4af0111cd90753e30baa
-
SHA1
67f286e92bba413fe03f5ad0a3fcf97136d8deb4
-
SHA256
6cd2c786beaa8465fb5c7d16772eddbff0ec333137c2a0b941a05be702ad7361
-
SHA512
1140543086f466395627dce34bc88e27a694075f7b883410af6bc7cbee78e2e2b8993cd611ab9e9a86f13b6c19c9f636d9665e690346b56dc9d1551b6095e687
-
SSDEEP
24576:Bzk8qJFCnLDrZTX7cukFHpmK8yjjQWAWv8UEcrStKqhlOy88zbCzBj7ZyIBNftyc:dneUnLf17cuSpd8yjjLAWv8UEcrStKq8
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-