General
-
Target
9e2d2850e71686bf57d8cb4eef85956c215cfee71f524dc796f22eb52bb523b7
-
Size
305KB
-
Sample
240424-pxqywaaa9v
-
MD5
b56b08814a5c253b191c7851175560a5
-
SHA1
ce745d653ad84b072f9d031baaa01e8a3842f7b3
-
SHA256
9e2d2850e71686bf57d8cb4eef85956c215cfee71f524dc796f22eb52bb523b7
-
SHA512
432e0c7d389d907dd1506f2e4ec0f4233fce4392d488a475aebb0063cb5a0b37f7169f84bab011258b86681a2bb92dd085fa28242a5f07c702a8942e50672c27
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
9e2d2850e71686bf57d8cb4eef85956c215cfee71f524dc796f22eb52bb523b7
-
Size
305KB
-
MD5
b56b08814a5c253b191c7851175560a5
-
SHA1
ce745d653ad84b072f9d031baaa01e8a3842f7b3
-
SHA256
9e2d2850e71686bf57d8cb4eef85956c215cfee71f524dc796f22eb52bb523b7
-
SHA512
432e0c7d389d907dd1506f2e4ec0f4233fce4392d488a475aebb0063cb5a0b37f7169f84bab011258b86681a2bb92dd085fa28242a5f07c702a8942e50672c27
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-