General
-
Target
b8d0793ee64e7b44fe24d0befa8d14a8f74c8bd76a8cbcc55ad1d5f8f08667f0
-
Size
305KB
-
Sample
240424-m7l2kahb38
-
MD5
6f1ea32d7b11196fdc441fd1028fd921
-
SHA1
3e1abee07340edb48d25043191fb9a5e949a7b44
-
SHA256
b8d0793ee64e7b44fe24d0befa8d14a8f74c8bd76a8cbcc55ad1d5f8f08667f0
-
SHA512
6f874021ca4181825ad9d7c40c65e1905ab0080186c0552e84a322641b8f9fcb278721fa2785e136cfea9e58ed241ca3501a880f23e7f150dc6fd8bc75f3fd16
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
b8d0793ee64e7b44fe24d0befa8d14a8f74c8bd76a8cbcc55ad1d5f8f08667f0
-
Size
305KB
-
MD5
6f1ea32d7b11196fdc441fd1028fd921
-
SHA1
3e1abee07340edb48d25043191fb9a5e949a7b44
-
SHA256
b8d0793ee64e7b44fe24d0befa8d14a8f74c8bd76a8cbcc55ad1d5f8f08667f0
-
SHA512
6f874021ca4181825ad9d7c40c65e1905ab0080186c0552e84a322641b8f9fcb278721fa2785e136cfea9e58ed241ca3501a880f23e7f150dc6fd8bc75f3fd16
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-