General
-
Target
70a65a0fabec07ac050a941010456ffe79220e8676bd44fb03a9094f8cd1d24a
-
Size
305KB
-
Sample
240424-p4pz6aac4z
-
MD5
e11e7c00e3e08ddb46bf423f6976ab3f
-
SHA1
1ae868cb61573b95576a7d04acae6c4871734d5e
-
SHA256
70a65a0fabec07ac050a941010456ffe79220e8676bd44fb03a9094f8cd1d24a
-
SHA512
7e08f3948d3e74206ab006bf2ebc38e9d9f2bb6ad20634cee0068726b8631c83f136258f20cb7a93b7d57390caf779b63d6767f4db8b647b4d178b3feeda97f0
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
70a65a0fabec07ac050a941010456ffe79220e8676bd44fb03a9094f8cd1d24a
-
Size
305KB
-
MD5
e11e7c00e3e08ddb46bf423f6976ab3f
-
SHA1
1ae868cb61573b95576a7d04acae6c4871734d5e
-
SHA256
70a65a0fabec07ac050a941010456ffe79220e8676bd44fb03a9094f8cd1d24a
-
SHA512
7e08f3948d3e74206ab006bf2ebc38e9d9f2bb6ad20634cee0068726b8631c83f136258f20cb7a93b7d57390caf779b63d6767f4db8b647b4d178b3feeda97f0
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-