General
-
Target
565dccd2ee83837ae2c8886fdcf4e56a5b856d00f8f01d2693277f757e16e8ca
-
Size
306KB
-
Sample
240424-rqch1sbd68
-
MD5
cee51e601bf170ef43066f39376a0b57
-
SHA1
4f465632691fd15a1ee1cc6ff0476a6ae248c613
-
SHA256
565dccd2ee83837ae2c8886fdcf4e56a5b856d00f8f01d2693277f757e16e8ca
-
SHA512
9150041e800dff07b3fedd0d423405678093f42a3505f7deafc61ea2818e470cd6759ee0039704d5c2fc95f85c9dd1b23802494ddde133829f9a6d11296b1ab2
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
565dccd2ee83837ae2c8886fdcf4e56a5b856d00f8f01d2693277f757e16e8ca
-
Size
306KB
-
MD5
cee51e601bf170ef43066f39376a0b57
-
SHA1
4f465632691fd15a1ee1cc6ff0476a6ae248c613
-
SHA256
565dccd2ee83837ae2c8886fdcf4e56a5b856d00f8f01d2693277f757e16e8ca
-
SHA512
9150041e800dff07b3fedd0d423405678093f42a3505f7deafc61ea2818e470cd6759ee0039704d5c2fc95f85c9dd1b23802494ddde133829f9a6d11296b1ab2
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-