General
-
Target
83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67
-
Size
305KB
-
Sample
240424-npm2kshd34
-
MD5
5c9a1cb1ea3f55b2f05fe180e26ada2b
-
SHA1
90d05dc79c3096c6fdc6008224c0ca9b6b96ac0d
-
SHA256
83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67
-
SHA512
ef59e39b6ba4524980702a439d9e480c1805389c5e0cf0beb0c1eb2df088d46f80a1aa422615c76bce358ec06bb60bbc4d0ca2846b6841d5456664eb07146020
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample
83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
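The extracted configuration above is the most directly actionable part of this report: a RedLine C2 endpoint. The following is an added example (not part of the sandbox report) showing how an analyst would turn that endpoint into a hunt over Zeek-style conn.log records and into a Suricata rule. The C2 host and port are the values from the report; the conn.log lines are constructed, and the Suricata `sid` is a placeholder from the local rule range.

```python
"""Hunt for the RedLine C2 endpoint extracted in this report.

Added example, not part of the original sandbox report. C2 host/port are
taken from the report above; the conn.log excerpt is constructed.
"""
from dataclasses import dataclass

# Indicators from the report.
C2_HOST = "103.113.70.99"
C2_PORT = 2630
BOTNET = "spoo"

# Constructed Zeek conn.log excerpt (tab-separated). Field order follows a
# trimmed conn.log: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
# The last line is a near-miss host (103.113.70.9) to show why the match is
# an exact string compare and not a substring test.
CONN_LOG = """\
1713960000.123\tCx1a\t10.0.0.5\t51002\t142.250.74.14\t443\ttcp
1713960012.456\tCx2b\t10.0.0.5\t51010\t103.113.70.99\t2630\ttcp
1713960020.789\tCx3c\t10.0.0.7\t51020\t103.113.70.99\t443\ttcp
1713960030.111\tCx4d\t10.0.0.9\t51030\t103.113.70.9\t2630\ttcp
"""


@dataclass
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str


def match_c2(conn_log: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return connections to the C2 host.

    An exact host:port match is the extracted C2 ("high"). The same host on a
    different port is still worth triage ("medium"): RedLine operators rotate
    ports more often than they rotate hosting.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        _ts, uid, src, _sport, dst, dport, _proto = line.split("\t")
        if dst != host:  # exact compare: "103.113.70.9" must not match
            continue
        confidence = "high" if int(dport) == port else "medium"
        hits.append(Hit(uid, src, dst, int(dport), confidence))
    return hits


def suricata_rule(host: str = C2_HOST, port: int = C2_PORT,
                  botnet: str = BOTNET, sid: int = 1000001) -> str:
    """Build a Suricata rule for outbound traffic to the C2.

    `sid` is a placeholder in the local (1000000+) range; assign one from
    your own allocation before deploying.
    """
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f"(msg:\"RedLine Stealer C2 (botnet {botnet}) {host}:{port}\"; "
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in match_c2(CONN_LOG):
        print(f"{hit.confidence:6} {hit.uid} {hit.src} -> {hit.dst}:{hit.dport}")
    print(suricata_rule())
```

Run as-is it lists the two connections to 103.113.70.99 (one on 2630, one on 443) and prints the rule; the near-miss host on the last log line is correctly ignored.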
Targets
-
Target
83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67
-
Size
305KB
-
MD5
5c9a1cb1ea3f55b2f05fe180e26ada2b
-
SHA1
90d05dc79c3096c6fdc6008224c0ca9b6b96ac0d
-
SHA256
83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67
-
SHA512
ef59e39b6ba4524980702a439d9e480c1805389c5e0cf0beb0c1eb2df088d46f80a1aa422615c76bce358ec06bb60bbc4d0ca2846b6841d5456664eb07146020
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
-
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallet files and system information and reports them to the C2 address embedded in its configuration.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Reads the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the per-user HKCU key) to enumerate installed software. Stealers collect this inventory to fingerprint the victim and to find applications whose data they target.
-
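Registry enumeration of this kind is not something Sysmon records (it logs key creation, deletion and value writes, not reads), so the practical place to see it is a Process Monitor capture or an EDR that logs registry reads. The following is an added example, not part of the sandbox report, that scores constructed Procmon CSV export rows and flags a process walking many Uninstall subkeys while ignoring processes expected to do so. The process names, PIDs, subkey names and the allow-list are assumptions for illustration.

```python
"""Flag processes that enumerate the registry Uninstall keys.

Added example, not part of the original sandbox report. It scores
constructed Process Monitor CSV rows; no real capture is included, and
the PIDs, subkey names and allow-list below are invented for the example.
"""
import csv
import io
import re
from collections import defaultdict

# Uninstall keys Windows populates for installed software (64-bit view,
# 32-bit WOW6432Node view, and the per-user key). Group 1 is the subkey,
# i.e. one installed product.
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Processes that legitimately walk these keys (installers, shell, AV).
# Assumed allow-list for this example; tune it to the environment.
BENIGN_PROCESSES = {"msiexec.exe", "explorer.exe", "svchost.exe", "msmpeng.exe"}

# Constructed Procmon CSV export (Time of Day, Process Name, PID, Operation,
# Path, Result, Detail). The first process opens the parent key, enumerates
# it, then opens each subkey and reads DisplayName, which is the pattern the
# signature above describes.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0001","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:01:02.0002","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0"
"10:01:02.0003","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}","SUCCESS","Desired Access: Read"
"10:01:02.0004","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:02.0005","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS","Desired Access: Read"
"10:01:02.0006","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:02.0007","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS","Desired Access: Read"
"10:01:02.0008","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:02.0009","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord","SUCCESS","Desired Access: Read"
"10:01:02.0010","83b58ae490d2ce04b03695b57d919b82abcfcdfd6c3ea3386bee5fcc324afa67.exe","4120","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:05.0001","msiexec.exe","2208","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}","SUCCESS","Desired Access: Read"
"10:01:05.0002","msiexec.exe","2208","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS","Desired Access: Read"
"10:01:05.0003","msiexec.exe","2208","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome","SUCCESS","Desired Access: Read"
"10:01:07.0001","notepad.exe","3310","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ"
'''

REGISTRY_READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}


def parse_procmon_csv(text: str) -> list:
    """Parse a Procmon CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def uninstall_subkeys_by_process(rows: list) -> dict:
    """Map (process name, pid) -> set of distinct Uninstall subkeys it read."""
    seen = defaultdict(set)
    for row in rows:
        if row["Operation"] not in REGISTRY_READ_OPS:
            continue
        match = UNINSTALL_KEY_RE.match(row["Path"])
        if match:
            seen[(row["Process Name"], row["PID"])].add(match.group(1).lower())
    return seen


def flag_enumeration(rows: list, min_subkeys: int = 3) -> list:
    """Return non-allow-listed processes that touched >= min_subkeys products.

    Counting distinct subkeys (not raw events) keeps one product queried
    many times from looking like an inventory sweep.
    """
    flagged = []
    for (name, pid), subkeys in uninstall_subkeys_by_process(rows).items():
        if name.lower() in BENIGN_PROCESSES:
            continue
        if len(subkeys) >= min_subkeys:
            flagged.append({"process": name, "pid": int(pid), "subkeys": len(subkeys)})
    return sorted(flagged, key=lambda f: -f["subkeys"])


if __name__ == "__main__":
    for f in flag_enumeration(parse_procmon_csv(PROCMON_CSV)):
        print(f"{f['process']} (pid {f['pid']}) read {f['subkeys']} Uninstall subkeys")
```

On the constructed capture only the sample's process is reported (four distinct products read); msiexec.exe is suppressed by the allow-list and notepad.exe stays below the threshold. The allow-list is the part that needs local tuning: software inventory agents and some updaters legitimately sweep these keys, and an unfamiliar binary doing so right after execution from a user-writable path is the combination worth alerting on.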