General
-
Target
42da8d7b0c4bc4aef12c8e716e8a268375d5426d8bb0685f5e9ce881e192c1da
-
Size
306KB
-
Sample
240424-saylzsca2w
-
MD5
5f0f2df6ab3412de7884c098b93df921
-
SHA1
3cacc2db150f364e5fd0d90135ee1197d4d0dced
-
SHA256
42da8d7b0c4bc4aef12c8e716e8a268375d5426d8bb0685f5e9ce881e192c1da
-
SHA512
fd930cd0b4226f6041f7717e2baf451cac27abd75bc29badfd9c02775996fd78c405684803a964ece5d32c65d770920f2187fa2f5a11d8c867fdccd3f184453b
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
42da8d7b0c4bc4aef12c8e716e8a268375d5426d8bb0685f5e9ce881e192c1da
-
Size
306KB
-
MD5
5f0f2df6ab3412de7884c098b93df921
-
SHA1
3cacc2db150f364e5fd0d90135ee1197d4d0dced
-
SHA256
42da8d7b0c4bc4aef12c8e716e8a268375d5426d8bb0685f5e9ce881e192c1da
-
SHA512
fd930cd0b4226f6041f7717e2baf451cac27abd75bc29badfd9c02775996fd78c405684803a964ece5d32c65d770920f2187fa2f5a11d8c867fdccd3f184453b
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-