General
-
Target
5685ebd616f9f52e5e888ce3ba7a6430_NEIKI
-
Size
306KB
-
Sample
240507-2pfjdseh57
-
MD5
5685ebd616f9f52e5e888ce3ba7a6430
-
SHA1
21b0458a1d1b775753689566e53160cf2296a82c
-
SHA256
6355da85951c4ccab99a9de76b08143fc8a49de4ac9a3b60fc6369de151a7577
-
SHA512
84f3559797a6d0c128d65f846e95ae22efe3402a3fed7f179b5cfc106932541c3d4775934d6aa1e7eea6645d8cf975fe3aafecf8b66018b0a5595ad4687c2e93
-
SSDEEP
6144:zVL7wMXIa/yLM/3usJgNQKHuudsA9oMfrIYCX/aQQPi:RwaIYqZrsA9oMzIYAarPi
Static task
static1
Behavioral task
behavioral1
Sample
5685ebd616f9f52e5e888ce3ba7a6430_NEIKI.exe
Resource
win7-20240220-en
Malware Config
Extracted
Family
redline
Botnet
900751123
C2
https://pastebin.com/raw/KE5Mft0T
Targets
-
Target
5685ebd616f9f52e5e888ce3ba7a6430_NEIKI
-
Size
306KB
-
MD5
5685ebd616f9f52e5e888ce3ba7a6430
-
SHA1
21b0458a1d1b775753689566e53160cf2296a82c
-
SHA256
6355da85951c4ccab99a9de76b08143fc8a49de4ac9a3b60fc6369de151a7577
-
SHA512
84f3559797a6d0c128d65f846e95ae22efe3402a3fed7f179b5cfc106932541c3d4775934d6aa1e7eea6645d8cf975fe3aafecf8b66018b0a5595ad4687c2e93
-
SSDEEP
6144:zVL7wMXIa/yLM/3usJgNQKHuudsA9oMfrIYCX/aQQPi:RwaIYqZrsA9oMzIYAarPi
-
RedLine
RedLine Stealer is a .NET information stealer written in C# that first appeared in early 2020. It collects saved browser credentials, cookies and autofill data, cryptocurrency wallet files, and basic host information, and reports them to an operator-controlled server identified by the botnet ID and C2 value in its embedded configuration.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the WOW6432Node/HKCU equivalents) to enumerate installed software. Legitimate inventory and update tools read the same keys, so this signature is low confidence on its own and is useful mainly in combination with the other behaviors listed here.
-
Legitimate hosting services abused for malware hosting/C2
The extracted configuration points at a raw pastebin.com paste (https://pastebin.com/raw/KE5Mft0T) rather than a dedicated C2 host; the paste acts as a dead-drop resolver that the stealer fetches to obtain its real C2 address. Blocking a single pastebin URL is easy to evade, so fetches of raw pastes from endpoints that have no business doing so are the more durable detection.
-
Suspicious use of SetThreadContext
SetThreadContext called on a thread belonging to another process is the characteristic step of process hollowing: a process is created suspended, its image is replaced or overwritten, the primary thread's context is rewritten to point at the injected entry point, and the thread is resumed. The sandbox flags the API pattern, not the injected payload, so confirm the target process and the written memory region before treating it as confirmed injection.
-
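An added example, not code from the sandbox report or from the RedLine authors, that turns the indicators above into a checkable sweep: the four file hashes from the report and the pastebin dead-drop URL from the extracted config. The proxy log lines, their format and the severity labels are constructed for illustration; SSDEEP comparison is left out because it needs the non-standard ssdeep library.

```python
"""IOC sweep built from the indicators in this RedLine report (added example)."""
import hashlib
import re
from typing import Dict, List, Tuple

# File hashes as listed in the report.
SAMPLE_HASHES = {
    "md5": "5685ebd616f9f52e5e888ce3ba7a6430",
    "sha1": "21b0458a1d1b775753689566e53160cf2296a82c",
    "sha256": "6355da85951c4ccab99a9de76b08143fc8a49de4ac9a3b60fc6369de151a7577",
    "sha512": "84f3559797a6d0c128d65f846e95ae22efe3402a3fed7f179b5cfc106932541c"
              "3d4775934d6aa1e7eea6645d8cf975fe3aafecf8b66018b0a5595ad4687c2e93",
}

# Dead-drop URL from the extracted config.
DEAD_DROP_URL = "https://pastebin.com/raw/KE5Mft0T"
# Any raw-paste fetch is unusual enough on most endpoints to deserve a lower-severity hit.
RAW_PASTE_RE = re.compile(r"https?://pastebin\.com/raw/[A-Za-z0-9]+")

# Constructed proxy log lines (assumed format: time, client, method, URL, status, bytes, UA).
PROXY_LOG = [
    "2024-05-07T22:41:03Z 10.0.0.17 GET https://pastebin.com/raw/KE5Mft0T 200 412 'Mozilla/4.0'",
    "2024-05-07T22:41:09Z 10.0.0.17 GET https://www.microsoft.com/ 200 55012 'Mozilla/5.0'",
    "2024-05-07T22:43:51Z 10.0.0.22 GET https://pastebin.com/raw/abc123XYZ 200 77 'curl/8.5.0'",
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists, so one read covers all of them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def match_sample_hashes(data: bytes) -> List[str]:
    """Return the names of the algorithms whose digest of `data` equals the report's value."""
    digests = hash_bytes(data)
    return [alg for alg, value in digests.items() if value == SAMPLE_HASHES[alg]]


def scan_proxy_log(lines) -> List[Tuple[int, str, str]]:
    """Return (line_number, severity, url) for every raw-paste fetch.

    The exact dead-drop URL from the config is 'high'; any other raw paste is
    'medium', because operators rotate pastes far more often than the technique.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in RAW_PASTE_RE.finditer(line):
            url = match.group(0)
            severity = "high" if url == DEAD_DROP_URL else "medium"
            hits.append((number, severity, url))
    return hits


if __name__ == "__main__":
    for number, severity, url in scan_proxy_log(PROXY_LOG):
        print(f"line {number}: {severity} {url}")
    # A file-hash check would read the candidate file and call match_sample_hashes().
    print(match_sample_hashes(b"constructed bytes, not the sample"))
```

Run the hash check against files on disk with `match_sample_hashes(open(path, "rb").read())`; a non-empty list means the bytes are the analyzed sample. The medium-severity rule will fire on developers pulling gists or pastes, so scope it to hosts where raw-paste fetches are not expected.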