General
-
Target
5d860e52bfa60fec84b6a46661b45246.bin
-
Size
111KB
-
Sample
240625-cfv52syanq
-
MD5
a2f693a89d032407ff6fe33273a72dea
-
SHA1
f5dd818c57105d2057da4a62bd5ba8571f94170e
-
SHA256
ca8d68f1622817852b124b37b11e2cff69fca2823a2aca334e6fb76ac63fbf95
-
SHA512
220ff9fab3f72bae6c520de7e990d6f2c9959f0f77bc019d21bae40af83666205fed0abb7383fd439e28194fb86cad977bd1e170aa1122767ce2b5f3d5f48162
-
SSDEEP
3072:af1/aD5oSFYpp+9uo4VVt51jgp0x+7ZrJLvDSCqp9ujHA:af1yDScYpSu7jtHk0x+9rJr+iA
Malware Config
Extracted
redline
AMA
185.215.113.67:40960
Targets
-
-
Target
b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30.exe
-
Size
297KB
-
MD5
5d860e52bfa60fec84b6a46661b45246
-
SHA1
1259e9f868d0d80ac09aadb9387662347cd4bd68
-
SHA256
b4a1e470f814bbcf1bc26c087eb513f4bab6165c90ecf43ac71dd87702561c30
-
SHA512
04ea5757d01508a44e0152b3aa78f530908da649d59b8ce7ee3e15c2d4d0314c97f346c1e79b1810edb27165d04781c022937d02536dc9b1dd4c55f023a47701
-
SSDEEP
3072:WqFFrqwIOGdTypEmz07sFPaF16CVyeR+LhdwT5TZMfvgZcZqf7D34NeqiOLCbBOy:tBIOG6hPPLd05TZaYcZqf7DI3L
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-