General
- Target: 9a9661b143f03c19029d56d6c13f1922bf62cfb2532d6e702be373d83b17fa18
- Size: 305KB
- Sample: 240424-n3sh8ahe7y
- MD5: 758c0fec3996599bbe44f04384e8c3de
- SHA1: 2c923919e817039760326ad69dae0355fd4ec0ee
- SHA256: 9a9661b143f03c19029d56d6c13f1922bf62cfb2532d6e702be373d83b17fa18
- SHA512: e345b3bbba75fdb92a2fd1b208f7a4ad36bae0af58e6020904643905f347399d1dfb586caa1eb56ca0632ab977155841893b67bdb39362233d2b37b0575e8925
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- Task: behavioral1
- Sample: 9a9661b143f03c19029d56d6c13f1922bf62cfb2532d6e702be373d83b17fa18.exe
- Resource: win10v2004-20240412-en

Malware Config
- Extracted family: redline
- Botnet: spoo
- C2: 103.113.70.99:2630
Targets
- Target: 9a9661b143f03c19029d56d6c13f1922bf62cfb2532d6e702be373d83b17fa18
- Size: 305KB
- MD5: 758c0fec3996599bbe44f04384e8c3de
- SHA1: 2c923919e817039760326ad69dae0355fd4ec0ee
- SHA256: 9a9661b143f03c19029d56d6c13f1922bf62cfb2532d6e702be373d83b17fa18
- SHA512: e345b3bbba75fdb92a2fd1b208f7a4ad36bae0af58e6020904643905f347399d1dfb586caa1eb56ca0632ab977155841893b67bdb39362233d2b37b0575e8925
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.