General
-
Target
6c70db8bdfc6f6506ee80fcb7c3c6152e81e464b29f0b6cbe2294997f7531b53
-
Size
304KB
-
Sample
240423-x8n8esbb5v
-
MD5
e9c6cf15980688c2d0eca2b8fd36cb37
-
SHA1
328078770d6df3042d7737daf0c1cdc61a4180f5
-
SHA256
6c70db8bdfc6f6506ee80fcb7c3c6152e81e464b29f0b6cbe2294997f7531b53
-
SHA512
e6a39a1345256896bc78a8184d5020026d125fe54cfe48e89247169eeb5c59bcab4a00a91b1078bbaf71677868bf29b4b56768183dc9d595af4f04645299089f
-
SSDEEP
3072:Rq6EgY6iHrUjZd+kwPj+BcQ4MuZRCLbTA4SASinQcZqf7D34VeqiOLibBOl:wqY6iswP6c5MSCPTATAdQcZqf7DI/L
Malware Config
Extracted
redline
@cloudcosmic (https://cloudcosmic.store)
87.121.105.175:14845
Targets
-
-
Target
6c70db8bdfc6f6506ee80fcb7c3c6152e81e464b29f0b6cbe2294997f7531b53
-
Size
304KB
-
MD5
e9c6cf15980688c2d0eca2b8fd36cb37
-
SHA1
328078770d6df3042d7737daf0c1cdc61a4180f5
-
SHA256
6c70db8bdfc6f6506ee80fcb7c3c6152e81e464b29f0b6cbe2294997f7531b53
-
SHA512
e6a39a1345256896bc78a8184d5020026d125fe54cfe48e89247169eeb5c59bcab4a00a91b1078bbaf71677868bf29b4b56768183dc9d595af4f04645299089f
-
SSDEEP
3072:Rq6EgY6iHrUjZd+kwPj+BcQ4MuZRCLbTA4SASinQcZqf7D34VeqiOLibBOl:wqY6iswP6c5MSCPTATAdQcZqf7DI/L
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-