General
-
Target
b7af1765ce1f1506c60e90922e24833356c2461d1d3dc33d83e4cc1adc444a06
-
Size
305KB
-
Sample
240424-p9zrjsad5y
-
MD5
2d3e272e773c7d13365125a1f78132bb
-
SHA1
223d7a98666bc03fc41084da9352b3e341c206d4
-
SHA256
b7af1765ce1f1506c60e90922e24833356c2461d1d3dc33d83e4cc1adc444a06
-
SHA512
e8e8a349911d53c4811962fdad65a99bc883c70c5f522e0d5e97eebc894ad11a88fbb23af2830ba32a3e9fcd78313c4d3efbc6390868b8f199a6ec9e17ec9077
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
b7af1765ce1f1506c60e90922e24833356c2461d1d3dc33d83e4cc1adc444a06
-
Size
305KB
-
MD5
2d3e272e773c7d13365125a1f78132bb
-
SHA1
223d7a98666bc03fc41084da9352b3e341c206d4
-
SHA256
b7af1765ce1f1506c60e90922e24833356c2461d1d3dc33d83e4cc1adc444a06
-
SHA512
e8e8a349911d53c4811962fdad65a99bc883c70c5f522e0d5e97eebc894ad11a88fbb23af2830ba32a3e9fcd78313c4d3efbc6390868b8f199a6ec9e17ec9077
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-