General

Target: ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
Size: 305KB
Sample: 240424-m9klhshb31
MD5: 7fed789833fd278836d05b0a498598b7
SHA1: 0da9370052f61661f03467276954e708887ab9c8
SHA256: ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
SHA512: 5e2a2fb3e229d1274376f10d4fdef72f628bb9784ae650e68c95511b4403f0d68fa8f964144acb9ae926dcf232817992eab9882abf0814a8980f7828bc721f12
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task

behavioral1
Sample: ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c.exe
Resource: win10v2004-20240412-en

Malware Config

Extracted
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets

Target: ffbfa173e093f4d7968782b44fb03a07a668f3fdfba971729d63b572281d7b0c
Size: 305KB (MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above)

Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.