General
-
Target
6a59b6b15aa824ea028d93c70da2e35f5cb48e689599408d1b4b8877afc54e22
-
Size
306KB
-
Sample
240424-shqlcacb4z
-
MD5
46f7cf7edf6e8e206b024a7aece81f29
-
SHA1
a7768f555b5074cc47ce31b97b2c020bf89ceb08
-
SHA256
6a59b6b15aa824ea028d93c70da2e35f5cb48e689599408d1b4b8877afc54e22
-
SHA512
1707da3bfcb98abafc55ddb127aee2fca07a5032b67dcbda5ef0f03feec617b11eae7e50022cf92e41116a4e1ffaccc6d635c84b9c66dd2c620da6c9cad17bb6
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
6a59b6b15aa824ea028d93c70da2e35f5cb48e689599408d1b4b8877afc54e22
-
Size
306KB
-
MD5
46f7cf7edf6e8e206b024a7aece81f29
-
SHA1
a7768f555b5074cc47ce31b97b2c020bf89ceb08
-
SHA256
6a59b6b15aa824ea028d93c70da2e35f5cb48e689599408d1b4b8877afc54e22
-
SHA512
1707da3bfcb98abafc55ddb127aee2fca07a5032b67dcbda5ef0f03feec617b11eae7e50022cf92e41116a4e1ffaccc6d635c84b9c66dd2c620da6c9cad17bb6
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-