General
-
Target
file.exe
-
Size
313KB
-
Sample
240130-w4w7ssafe4
-
MD5
9aa8737202bac7dcc71ef4c77939f82b
-
SHA1
25b29b7274fb3ef7d16052f8400d24540621aff9
-
SHA256
a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff
-
SHA512
aa55987a32b3e259376594df68a2008007353953a2bf390b44b908e5fdaee181d3b216aec46f8679aa5f5e4164a0a412511621c6249d3cab7e1eba86d8494a7a
-
SSDEEP
3072:UA0KubVwL+uacYOFq70W09SIg8DJn5MxfCpWLMRqfjDv/YheqiOL2bBO2:8Qpaw40r8IDYx64MRqfjD4jL
Malware Config
Extracted
redline
@RLREBORN Cloud TG: @FATHEROFCARDERS)
141.95.211.148:46011
Targets
-
-
Target
file.exe
-
Size
313KB
-
MD5
9aa8737202bac7dcc71ef4c77939f82b
-
SHA1
25b29b7274fb3ef7d16052f8400d24540621aff9
-
SHA256
a177d02e062d3068da14ad638fe58ce76d614fa15c1890f668747c61bd132aff
-
SHA512
aa55987a32b3e259376594df68a2008007353953a2bf390b44b908e5fdaee181d3b216aec46f8679aa5f5e4164a0a412511621c6249d3cab7e1eba86d8494a7a
-
SSDEEP
3072:UA0KubVwL+uacYOFq70W09SIg8DJn5MxfCpWLMRqfjDv/YheqiOL2bBO2:8Qpaw40r8IDYx64MRqfjD4jL
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-