General
-
Target
4f307aa1e6ae6a54d977a6dc0b36f5998b3d9012c0c9f340a5082a21d8ad1f00
-
Size
305KB
-
Sample
240424-py158sab38
-
MD5
92cb38c6e912defda9c5e42b63a2c92f
-
SHA1
478f47722b42383f386709ff8fa8182f4e020714
-
SHA256
4f307aa1e6ae6a54d977a6dc0b36f5998b3d9012c0c9f340a5082a21d8ad1f00
-
SHA512
810ae2583d416c88a92927ff9c6a3c96b26699284686de5aa6ed1c95fd42be0c2fb223b3ca6cf02012e3d1e4b0988c80ae1ec1cae4889d2f40a3e70a315d69ba
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
4f307aa1e6ae6a54d977a6dc0b36f5998b3d9012c0c9f340a5082a21d8ad1f00
-
Size
305KB
-
MD5
92cb38c6e912defda9c5e42b63a2c92f
-
SHA1
478f47722b42383f386709ff8fa8182f4e020714
-
SHA256
4f307aa1e6ae6a54d977a6dc0b36f5998b3d9012c0c9f340a5082a21d8ad1f00
-
SHA512
810ae2583d416c88a92927ff9c6a3c96b26699284686de5aa6ed1c95fd42be0c2fb223b3ca6cf02012e3d1e4b0988c80ae1ec1cae4889d2f40a3e70a315d69ba
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-