General
-
Target
0e3fd91445146fcac1398039c32ff9e2147b579f3b2647423822fad27589f948
-
Size
305KB
-
Sample
240424-p6zmdaac72
-
MD5
6995ae1afa824139446cc4c2ab0cf9b5
-
SHA1
1d0dfd4555f8b425d210dd21d184394eb4618caf
-
SHA256
0e3fd91445146fcac1398039c32ff9e2147b579f3b2647423822fad27589f948
-
SHA512
6f3ad0a04645562af49685f4a4526ad2dacf3a3df583252cbf2bb405e34f96055f9ee89d0d592f6b98ab1f3decc0036dce1706a1d5816443e14ce02be729b186
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
0e3fd91445146fcac1398039c32ff9e2147b579f3b2647423822fad27589f948
-
Size
305KB
-
MD5
6995ae1afa824139446cc4c2ab0cf9b5
-
SHA1
1d0dfd4555f8b425d210dd21d184394eb4618caf
-
SHA256
0e3fd91445146fcac1398039c32ff9e2147b579f3b2647423822fad27589f948
-
SHA512
6f3ad0a04645562af49685f4a4526ad2dacf3a3df583252cbf2bb405e34f96055f9ee89d0d592f6b98ab1f3decc0036dce1706a1d5816443e14ce02be729b186
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-