General
-
Target
d77aff3f5ebb9a7740858888391fa89d53613d689c9a3b102512e1ab968913d5
-
Size
306KB
-
Sample
240424-r2n17abg7t
-
MD5
a2f66d8c290ab870e4dc694ec732e743
-
SHA1
cb0b9a54e2b2065f83ba5aa0bfb5882d5d3ede39
-
SHA256
d77aff3f5ebb9a7740858888391fa89d53613d689c9a3b102512e1ab968913d5
-
SHA512
5bf606d2ee9ad223e0503b17a0ebae89638a7fe0ba2647f7524657c9f512dfd6f0a0f3b2c563cf61c2520ff34cd6f04a9001b69a4a5ff4a0abf3f640b8be79a4
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
d77aff3f5ebb9a7740858888391fa89d53613d689c9a3b102512e1ab968913d5
-
Size
306KB
-
MD5
a2f66d8c290ab870e4dc694ec732e743
-
SHA1
cb0b9a54e2b2065f83ba5aa0bfb5882d5d3ede39
-
SHA256
d77aff3f5ebb9a7740858888391fa89d53613d689c9a3b102512e1ab968913d5
-
SHA512
5bf606d2ee9ad223e0503b17a0ebae89638a7fe0ba2647f7524657c9f512dfd6f0a0f3b2c563cf61c2520ff34cd6f04a9001b69a4a5ff4a0abf3f640b8be79a4
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-