General
-
Target
4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
-
Size
305KB
-
Sample
240424-pv9m7saa74
-
MD5
b406bf34d83d6edd352141ff0cbd3f77
-
SHA1
f9a0e8c1dfcda6bfcf7fa8bf7f29d8ff21884412
-
SHA256
4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
-
SHA512
9e67354e1c34b6bd300d7af58d5441e14c29442c9d1e928ec60d2e430ce8832d2df44b19853f9d32d65bddc1d7a7d64e3fad144d9e4beb7a6f62c40949b80974
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
-
Size
305KB
-
MD5
b406bf34d83d6edd352141ff0cbd3f77
-
SHA1
f9a0e8c1dfcda6bfcf7fa8bf7f29d8ff21884412
-
SHA256
4ec954a99f48c425d2cd2582ff749773897e32cadf1df3793c26e09254990bcc
-
SHA512
9e67354e1c34b6bd300d7af58d5441e14c29442c9d1e928ec60d2e430ce8832d2df44b19853f9d32d65bddc1d7a7d64e3fad144d9e4beb7a6f62c40949b80974
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-