General
-
Target
c0b40f0f6b4e1a0a596aba7362ed54def5dce5798a99a4b9f5fb192197111b12
-
Size
306KB
-
Sample
240424-qwwcmsah2s
-
MD5
eb7709fd8b5efe9562e566a1fd2e5a1e
-
SHA1
4a0a335cac84539848abdedf4f0ade2ed56ff671
-
SHA256
c0b40f0f6b4e1a0a596aba7362ed54def5dce5798a99a4b9f5fb192197111b12
-
SHA512
f630ddc5f3235fc28a3c76a9fc0527271fa5c8683010af2917c20c8eb553bd59809c2c56d236d87aa2cbf40c267363f2722a5a770c4b271085e2c45c9cc95ed7
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
c0b40f0f6b4e1a0a596aba7362ed54def5dce5798a99a4b9f5fb192197111b12
-
Size
306KB
-
MD5
eb7709fd8b5efe9562e566a1fd2e5a1e
-
SHA1
4a0a335cac84539848abdedf4f0ade2ed56ff671
-
SHA256
c0b40f0f6b4e1a0a596aba7362ed54def5dce5798a99a4b9f5fb192197111b12
-
SHA512
f630ddc5f3235fc28a3c76a9fc0527271fa5c8683010af2917c20c8eb553bd59809c2c56d236d87aa2cbf40c267363f2722a5a770c4b271085e2c45c9cc95ed7
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-