General
- Target: 104cfd366b6e5bbe097e059ffca56631dcca7bcf768c918912ed0b51152defcb
- Size: 305KB
- Sample: 240424-m8nlsahb49
- MD5: 0ffdb8b92ae539ead403d82fd966684d
- SHA1: 7fb2866d7c7f7cba021690f752ac1346eb71be38
- SHA256: 104cfd366b6e5bbe097e059ffca56631dcca7bcf768c918912ed0b51152defcb
- SHA512: c8a7b88dc48fe527739b7ed64e36be4bb0454a15b5310f24ad451543fe2f66536d828dbe2c559378366bb73cc492d82376c690a664c6182f0e909c88c362a618
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
- Sample: 104cfd366b6e5bbe097e059ffca56631dcca7bcf768c918912ed0b51152defcb.exe
- Resource: win10v2004-20240226-en

Malware Config
Extracted
- Family: redline
- Botnet ID: spoo
- C2: 103.113.70.99:2630
Targets
- Target: 104cfd366b6e5bbe097e059ffca56631dcca7bcf768c918912ed0b51152defcb
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.