General
Target: 7e2f562613dc8895e612b08460062646e5604cca78935789e6e373506f531bf0
Size: 305KB
Sample: 240424-n7bfhahf3y
MD5: a9ea864b1c3d2652269c6a4ec9abafad
SHA1: 61f515ac581853703283c4a488307f321b17e80c
SHA256: 7e2f562613dc8895e612b08460062646e5604cca78935789e6e373506f531bf0
SHA512: 2241b29db279992a7d5805e5fd520a679df7eba4d4e54996fb4f01e1baffd1a2953029aa111648f0b7208f27bd91878675a1f585c7060d146d88bb22c3e7a810
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample: 7e2f562613dc8895e612b08460062646e5604cca78935789e6e373506f531bf0.exe
Resource: win10v2004-20240412-en

Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
Target: 7e2f562613dc8895e612b08460062646e5604cca78935789e6e373506f531bf0

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.