General
- Target: 3a90350ebd410ecc099ff77328735bd3a5d493fbbc832a172b578f0c5a7b1bef
- Size: 305KB
- Sample: 240424-na3tgshb64
- MD5: 467626215415fea393a4208a2ea1861d
- SHA1: 3d3c7cbb691f66e02170cd4f0accdc30190b488e
- SHA256: 3a90350ebd410ecc099ff77328735bd3a5d493fbbc832a172b578f0c5a7b1bef
- SHA512: 9f66c5e339cb6f397c13ba58826446148785d9e2234053e13b95475dc23ccf864827fa27b97bfa8fe2200c1d68896280d8d83346ff3a3ef3b98cb0f5e1772e62
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
- Sample: 3a90350ebd410ecc099ff77328735bd3a5d493fbbc832a172b578f0c5a7b1bef.exe
- Resource: win10v2004-20240412-en

Malware Config
- Extracted: redline
- spoo
- 103.113.70.99:2630
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.