General
-
Target
302450223c0c0dd5501f6f17302ab0c6aea501e071a4a958965b0e02a8a0eee1
-
Size
305KB
-
Sample
240424-pk2jvahg71
-
MD5
e62ad4dc7e5bb973cd1d8a7f71531d9c
-
SHA1
15b72b885bde25e3d91cd983ddde2779b0defac9
-
SHA256
302450223c0c0dd5501f6f17302ab0c6aea501e071a4a958965b0e02a8a0eee1
-
SHA512
6390ac44012645976cd408a9b11fb2ea6212deae522f3e623440be5665b0ed785e0ff55eabcff18d4b5f064a910703681bac22885a4c60fc3bd175565c5ade44
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
302450223c0c0dd5501f6f17302ab0c6aea501e071a4a958965b0e02a8a0eee1
-
Size
305KB
-
MD5
e62ad4dc7e5bb973cd1d8a7f71531d9c
-
SHA1
15b72b885bde25e3d91cd983ddde2779b0defac9
-
SHA256
302450223c0c0dd5501f6f17302ab0c6aea501e071a4a958965b0e02a8a0eee1
-
SHA512
6390ac44012645976cd408a9b11fb2ea6212deae522f3e623440be5665b0ed785e0ff55eabcff18d4b5f064a910703681bac22885a4c60fc3bd175565c5ade44
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-