General
-
Target
2112-39-0x00000000010B0000-0x0000000001484000-memory.dmp
-
Size
3.8MB
-
Sample
240401-qvjx8aff52
-
MD5
2c35673d1d07532a63b22fe96ac243a4
-
SHA1
04a335ac3cedb53977c819cd5d43dbe8555f1b17
-
SHA256
8ab21e044684a0ca86a447c5621d8ce65543bcc589c069f3b9a573e7181d7309
-
SHA512
cecaa984b58ec55b6a4df9cb05c7ab35d035a4ec7138e5e2817db8be1ddab601c15cb46c0392e09428fe76824c7180877618519ad8479779f0253b8fc4a7dd40
-
SSDEEP
49152:LKij6NErgALTqt55T1I75n/MnjdypqQ6BESt7WMbs9:Ld6wgAq7XIBEnsp56BESAV9
Malware Config
Extracted
redline
1
77.221.156.45:18734
Targets
-
-
Target
2112-39-0x00000000010B0000-0x0000000001484000-memory.dmp
-
Size
3.8MB
-
MD5
2c35673d1d07532a63b22fe96ac243a4
-
SHA1
04a335ac3cedb53977c819cd5d43dbe8555f1b17
-
SHA256
8ab21e044684a0ca86a447c5621d8ce65543bcc589c069f3b9a573e7181d7309
-
SHA512
cecaa984b58ec55b6a4df9cb05c7ab35d035a4ec7138e5e2817db8be1ddab601c15cb46c0392e09428fe76824c7180877618519ad8479779f0253b8fc4a7dd40
-
SSDEEP
49152:LKij6NErgALTqt55T1I75n/MnjdypqQ6BESt7WMbs9:Ld6wgAq7XIBEnsp56BESAV9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-