General
-
Target
d45cbc1d057c6cfc279e1cb4ffb70b06044027e1434563ce63f4b6c67eae0801
-
Size
305KB
-
Sample
240424-nb5dpshb69
-
MD5
1c53524bf60702f9ada337b853458331
-
SHA1
060fe00b87646d7e73c76d341f58ed0cacaf48ba
-
SHA256
d45cbc1d057c6cfc279e1cb4ffb70b06044027e1434563ce63f4b6c67eae0801
-
SHA512
55ab2ba1e6ee4d6ac9a3093a74bebc6f6f839116ce88330fe8e097b0b54026ea622ebd7b5b07a8a9c86253222e595693b75494eac5c4d51123bd20b630483098
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
d45cbc1d057c6cfc279e1cb4ffb70b06044027e1434563ce63f4b6c67eae0801
-
Size
305KB
-
MD5
1c53524bf60702f9ada337b853458331
-
SHA1
060fe00b87646d7e73c76d341f58ed0cacaf48ba
-
SHA256
d45cbc1d057c6cfc279e1cb4ffb70b06044027e1434563ce63f4b6c67eae0801
-
SHA512
55ab2ba1e6ee4d6ac9a3093a74bebc6f6f839116ce88330fe8e097b0b54026ea622ebd7b5b07a8a9c86253222e595693b75494eac5c4d51123bd20b630483098
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-