General
Target: 94c948fd7b29cfd62e05b54f619cc49723e4a1ccc2d4a3b6b18147679a6d77cc
Size: 305KB
Sample: 240424-nr2yhshc91
MD5: 5ad54a9d6a06e3f03c9a7615288b08b0
SHA1: fd34711cb3c226b513cfe32ba378aede34033de6
SHA256: 94c948fd7b29cfd62e05b54f619cc49723e4a1ccc2d4a3b6b18147679a6d77cc
SHA512: 52e44050564a5b7811d65fe1989d2428f1b348c6b5856ba0e7e1be2d0b6c97c0b4b43bfdd091694a848c56559b03c8a7f777de754323412ee69e784e73496911
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample: 94c948fd7b29cfd62e05b54f619cc49723e4a1ccc2d4a3b6b18147679a6d77cc.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
Target: 94c948fd7b29cfd62e05b54f619cc49723e4a1ccc2d4a3b6b18147679a6d77cc
Size: 305KB
MD5: 5ad54a9d6a06e3f03c9a7615288b08b0
SHA1: fd34711cb3c226b513cfe32ba378aede34033de6
SHA256: 94c948fd7b29cfd62e05b54f619cc49723e4a1ccc2d4a3b6b18147679a6d77cc
SHA512: 52e44050564a5b7811d65fe1989d2428f1b348c6b5856ba0e7e1be2d0b6c97c0b4b43bfdd091694a848c56559b03c8a7f777de754323412ee69e784e73496911
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.