General

Target: be2c5142095650116d8966e9b33b9ee08b8d6d01616cba1eb5e51a94c0133f56
Size: 305KB
Sample: 240424-nflr6ahb8x
MD5: 2db5cfb98c854effb8e07887ecc1afb1
SHA1: c0c6dffcbb46ac6d3e4d4e86b61d525483bdbdb7
SHA256: be2c5142095650116d8966e9b33b9ee08b8d6d01616cba1eb5e51a94c0133f56
SHA512: 02bd8db1226e1f81deb5112b1661eb342938b8444d7bc7ef4d313ff97228c5b7bf5d598dc1e840ee945c42e355f30a4e3b199b9afb070d5e80d492eaaeae2649
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: be2c5142095650116d8966e9b33b9ee08b8d6d01616cba1eb5e51a94c0133f56.exe
Resource: win10v2004-20240412-en
Malware Config

Extracted family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets

Target: be2c5142095650116d8966e9b33b9ee08b8d6d01616cba1eb5e51a94c0133f56
Size: 305KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Enumerates subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node equivalent on 64-bit hosts) to inventory the software installed on the system.
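The three behaviours this report records (the C2 from the extracted config, Uninstall-key enumeration, and wallet file access) can be matched offline against endpoint telemetry. The following is an added example written for this page, not the sandbox's own signature code: it runs Triage-style behavioural matching over a constructed list of Sysmon-like events. The event layout, the process IDs, the wallet path markers and the three-subkey threshold for calling registry reads an "enumeration" are assumptions for illustration; the C2 address and the Uninstall key paths come from the report and from documented Windows registry layout.

```python
"""Behavioural matching over constructed Sysmon-like events.

Added example for this report, not the sandbox's own signature code.
Indicators are taken from the report: RedLine C2 103.113.70.99:2630,
registry Uninstall-key enumeration and cryptocurrency wallet access.
Event format, PIDs, wallet markers and thresholds are assumptions.
"""
import re
from collections import defaultdict

# IOC from the report's extracted RedLine config (botnet "spoo").
C2_HOST = "103.113.70.99"
C2_PORT = 2630

SAMPLE_IMAGE = "be2c5142095650116d8966e9b33b9ee08b8d6d01616cba1eb5e51a94c0133f56.exe"

# The key the "Checks installed software" signature is about, 32- and 64-bit views.
UNINSTALL_KEY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)

# Assumed wallet locations (illustrative; the report does not name specific paths).
WALLET_PATH_MARKERS = (
    "\\appdata\\roaming\\exodus\\",
    "\\appdata\\roaming\\electrum\\wallets\\",
    "\\appdata\\roaming\\ethereum\\keystore\\",
    "\\appdata\\roaming\\bitcoin\\wallet.dat",
)

# Constructed telemetry: pid 4120 is the sample, pid 1836 is a benign explorer.exe.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "FileAccess",
     "target": r"C:\Users\admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "FileAccess",
     "target": r"C:\Users\admin\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 4120, "image": SAMPLE_IMAGE, "type": "NetworkConnect",
     "dst_ip": "103.113.70.99", "dst_port": 2630},
    {"pid": 1836, "image": "explorer.exe", "type": "RegistryEvent",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 1836, "image": "explorer.exe", "type": "NetworkConnect",
     "dst_ip": "23.5.0.1", "dst_port": 443},
]


def match_signatures(events, min_uninstall_subkeys=3):
    """Return {pid: {signature_name: evidence}} for processes that exhibit
    any of the report's three behaviours.

    A single Uninstall-key read is common for installers and shell
    components, so registry hits only count as enumeration once a process
    has touched at least `min_uninstall_subkeys` distinct product subkeys.
    """
    uninstall = defaultdict(set)
    wallets = defaultdict(list)
    c2 = defaultdict(list)
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "RegistryEvent":
            m = UNINSTALL_KEY_RE.match(ev["target"])
            if m:
                # Whatever follows the Uninstall prefix is the per-product subkey.
                subkey = ev["target"][m.end():].split("\\")[0] or "<root>"
                uninstall[pid].add(subkey)
        elif ev["type"] == "FileAccess":
            path = ev["target"].lower()
            if any(marker in path for marker in WALLET_PATH_MARKERS):
                wallets[pid].append(ev["target"])
        elif ev["type"] == "NetworkConnect":
            if ev["dst_ip"] == C2_HOST and ev["dst_port"] == C2_PORT:
                c2[pid].append(f"{ev['dst_ip']}:{ev['dst_port']}")

    hits = defaultdict(dict)
    for pid, subkeys in uninstall.items():
        if len(subkeys) >= min_uninstall_subkeys:
            hits[pid]["Checks installed software on the system"] = sorted(subkeys)
    for pid, paths in wallets.items():
        hits[pid]["Accesses cryptocurrency files/wallets"] = paths
    for pid, conns in c2.items():
        hits[pid]["RedLine C2 contact"] = sorted(set(conns))
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in match_signatures(SAMPLE_EVENTS).items():
        print(f"pid {pid}:")
        for name, evidence in sigs.items():
            print(f"  {name}: {evidence}")
```

Only the sample's process reaches the output; explorer.exe's lone Uninstall read stays below the enumeration threshold and its 443 connection does not match the C2. In a real deployment the events would come from Sysmon event IDs 3 (network), 11/15 (file) and 12/13 (registry), and the wallet marker list would be expanded from the stealer's actual target set rather than the short illustrative list here.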