General
- Target: b3c319d67147945f04fb3447be9ce9a252828bd8a93fdb9f651a9fe8ab0ac9e7
- Size: 305KB
- Sample: 240424-nhp8cshc3w
- MD5: 2bd8f51f55500bac627897fba6bd5ac7
- SHA1: 3c06a26f417162e6358b07b4a79a354661365b28
- SHA256: b3c319d67147945f04fb3447be9ce9a252828bd8a93fdb9f651a9fe8ab0ac9e7
- SHA512: 13f6afc1891e0e2ccfd805c2e3b3d134b84f4ed4288f815740f8b9b8525731f81a56106cc5fb569f2e7840386ee34e20fb2e7275c89e5e1a82d770a186c21b8b
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- Task: behavioral1
- Sample: b3c319d67147945f04fb3447be9ce9a252828bd8a93fdb9f651a9fe8ab0ac9e7.exe
- Resource: win10v2004-20240412-en
Malware Config
- Extracted
  - Family: redline
  - Botnet: spoo
  - C2: 103.113.70.99:2630
Targets
- Target: b3c319d67147945f04fb3447be9ce9a252828bd8a93fdb9f651a9fe8ab0ac9e7 (the same file as in General; size and hashes are listed there)
- RedLine
  RedLine Stealer is an information stealer written in C#, first seen in early 2020 and sold as malware-as-a-service. It harvests browser credentials, cookies and autofill data, cryptocurrency wallet files and a host profile, and sends them to the C2 given in the extracted config.
- RedLine payload
- Accesses cryptocurrency wallet files; possible credential harvesting
- Checks installed software on the system
  Enumerates the per-product subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (including the WOW6432Node view) to inventory installed software, a standard part of the host profile RedLine collects. A process that reads many of these entries in quick succession, rather than only its own, is the behaviour to look for.
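As an added example, not part of the sandbox report: detection logic that applies the two indicators above, the Uninstall-key sweep and the extracted C2 endpoint 103.113.70.99:2630, to endpoint telemetry. The event schema (`reg_open`, `net_connect`), the process IDs and every event record are constructed for illustration; map the fields onto your EDR's registry-read and network-connection events.

```python
"""Detect the two RedLine behaviours reported above in simplified endpoint
telemetry: Uninstall-key software enumeration and a connection to the
extracted C2. Events below are constructed for illustration."""
import re
from collections import defaultdict

# C2 endpoint from the report's extracted RedLine config.
C2_HOST, C2_PORT = "103.113.70.99", 2630

# Product subkeys under the Uninstall key, native or WOW6432Node view,
# under HKLM or HKCU. Group 1 is the product subkey name.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)$",
    re.IGNORECASE,
)

SAMPLE_IMAGE = (r"C:\Users\user\Desktop\b3c319d67147945f04fb3447be9ce9a25"
                r"2828bd8a93fdb9f651a9fe8ab0ac9e7.exe")


def reg(pid, image, key):
    """Registry key open/read event (simplified, assumed schema)."""
    return {"type": "reg_open", "pid": pid, "image": image, "key": key}


def net(pid, image, dst_ip, dst_port):
    """Outbound TCP connection event (simplified, assumed schema)."""
    return {"type": "net_connect", "pid": pid, "image": image,
            "dst_ip": dst_ip, "dst_port": dst_port}


HKLM_UN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
HKLM_UN32 = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
HKCU_UN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed telemetry, not sandbox output: the sample (pid 4120) sweeps
# the Uninstall entries and calls home; explorer.exe reads a single entry.
SAMPLE_EVENTS = [
    reg(4120, SAMPLE_IMAGE, HKLM_UN),  # parent key open, not an entry
    reg(4120, SAMPLE_IMAGE, HKLM_UN + r"\Google Chrome"),
    reg(4120, SAMPLE_IMAGE, HKLM_UN + r"\7-Zip"),
    reg(4120, SAMPLE_IMAGE, HKLM_UN + r"\{26A24AE4-039D-4CA4-87B4-2F64180101F0}"),
    reg(4120, SAMPLE_IMAGE, HKLM_UN32 + r"\Notepad++"),
    reg(4120, SAMPLE_IMAGE, HKLM_UN32 + r"\Mozilla Firefox 124.0 (x64 en-US)"),
    reg(4120, SAMPLE_IMAGE, HKCU_UN + r"\Discord"),
    reg(900, r"C:\Windows\explorer.exe", HKLM_UN + r"\7-Zip"),
    reg(900, r"C:\Windows\explorer.exe",
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    net(4120, SAMPLE_IMAGE, C2_HOST, C2_PORT),
    net(2200, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "203.0.113.10", 443),
]


def uninstall_key_enumeration(events, min_distinct=5):
    """Return {pid: sorted product subkeys} for processes that opened at
    least min_distinct distinct entries under Uninstall. Reading one's own
    entry is normal; sweeping many of them is the inventory behaviour."""
    seen = defaultdict(set)
    for ev in events:
        if ev["type"] != "reg_open":
            continue
        m = UNINSTALL_KEY_RE.search(ev["key"])
        if m:
            seen[ev["pid"]].add(m.group(1).lower())
    return {pid: sorted(k) for pid, k in seen.items() if len(k) >= min_distinct}


def c2_connections(events, host=C2_HOST, port=C2_PORT):
    """Return network events to the given C2 endpoint."""
    return [ev for ev in events
            if ev["type"] == "net_connect"
            and ev["dst_ip"] == host and ev["dst_port"] == port]


def detect(events):
    """Human-readable findings from both checks."""
    findings = []
    for pid, keys in sorted(uninstall_key_enumeration(events).items()):
        findings.append(
            f"pid {pid}: read {len(keys)} Uninstall entries (software inventory)")
    for ev in c2_connections(events):
        findings.append(
            f"pid {ev['pid']}: outbound to RedLine C2 {ev['dst_ip']}:{ev['dst_port']}")
    return findings


if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

The threshold of five distinct entries keeps installers and update agents that touch only their own Uninstall key out of the results; tune it against your own baseline, and treat the C2 match as high confidence on its own since the endpoint comes straight from the extracted config.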