General
Target: d1e8afd1ae742cae7337de1c1c6e8277ec8cf52d14c99bcab126b4a2c31bb73d
Size: 305KB
Sample: 240424-nvtrbahd4t
MD5: a669c868f1ca8b89912af9f47ea49f7f
SHA1: b4c23c96428f0e945901bd954b36b5fcbb3d1a11
SHA256: d1e8afd1ae742cae7337de1c1c6e8277ec8cf52d14c99bcab126b4a2c31bb73d
SHA512: 50878a07464ff8987d66ce17ae19f8fb4c873ed04ec82270efc60310224c88c2f97669f5c999694f6cba25ba445c01c57695cb22b2a3b4f2071b2dfd889c7a8c
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: d1e8afd1ae742cae7337de1c1c6e8277ec8cf52d14c99bcab126b4a2c31bb73d.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: redline
Botnet: spoo
C2: 103.113.70.99:2630
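The extracted configuration gives the two indicators a responder actually pivots on: the file hashes from the General section and the RedLine C2 endpoint above. The following Python is an added hunting example, not part of the Triage report, that matches those indicators against a constructed, simplified Zeek-style conn log and a constructed host file-hash inventory (all hosts, timestamps, paths and non-matching hashes are hypothetical). A connection to the C2 IP on the configured port is scored high; the same IP on any other port is scored medium, because a RedLine build pins a single port but the same server may carry other campaigns.

```python
import csv
import io
import ipaddress

# Indicators copied from the Triage report above.
SAMPLE_SHA256 = "d1e8afd1ae742cae7337de1c1c6e8277ec8cf52d14c99bcab126b4a2c31bb73d"
SAMPLE_MD5 = "a669c868f1ca8b89912af9f47ea49f7f"
C2_HOST = "103.113.70.99"
C2_PORT = 2630

# Constructed, simplified Zeek-style conn log: tab-separated with a plain
# header row instead of Zeek's "#fields" line. Hosts/timestamps are hypothetical.
CONN_LOG = (
    "ts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1713960000.1\t10.0.0.15\t49812\t103.113.70.99\t2630\ttcp\n"
    "1713960001.2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp\n"
    "1713960002.3\t10.0.0.22\t51000\t103.113.70.99\t443\ttcp\n"
)

# Constructed host inventory: (path, sha256, md5). Paths and non-matching
# hashes are placeholders; the last entry models a tool that only recorded
# an uppercase MD5 and no SHA256.
INVENTORY = [
    (r"C:\Users\alice\Downloads\setup.exe", SAMPLE_SHA256, SAMPLE_MD5),
    (r"C:\Windows\System32\notepad.exe", "0" * 64, "0" * 32),
    (r"C:\Users\bob\AppData\Local\Temp\x.exe", "", SAMPLE_MD5.upper()),
]


def parse_conn_log(text):
    """Parse the tab-separated conn log into a list of dicts with typed fields."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    records = []
    for row in reader:
        records.append({
            "ts": float(row["ts"]),
            "orig_h": row["id.orig_h"],
            "resp_h": row["id.resp_h"],
            "resp_p": int(row["id.resp_p"]),
            "proto": row["proto"],
        })
    return records


def match_c2(records, host=C2_HOST, port=C2_PORT):
    """Return (confidence, source host, dest ip:port) for every flow to the C2 IP.

    Exact ip:port match -> "high"; same IP on another port -> "medium".
    """
    hits = []
    for r in records:
        if r["resp_h"] != host:
            continue
        confidence = "high" if r["resp_p"] == port else "medium"
        hits.append((confidence, r["orig_h"], f"{r['resp_h']}:{r['resp_p']}"))
    return hits


def match_hashes(inventory, sha256=SAMPLE_SHA256, md5=SAMPLE_MD5):
    """Return (path, matched hash name) for inventory rows matching the sample.

    SHA256 is preferred; MD5 is accepted only when it is all the inventory has,
    since MD5 is collision-prone. Hex is compared case-insensitively.
    """
    hits = []
    for path, file_sha256, file_md5 in inventory:
        if file_sha256.lower() == sha256:
            hits.append((path, "sha256"))
        elif not file_sha256 and file_md5.lower() == md5:
            hits.append((path, "md5"))
    return hits


def c2_is_routable(host=C2_HOST):
    """Sanity check before blocking: a private or loopback C2 address in an
    extracted config usually means a test build or a mis-parsed config."""
    return ipaddress.ip_address(host).is_global


if __name__ == "__main__":
    for confidence, src, dst in match_c2(parse_conn_log(CONN_LOG)):
        print(f"[{confidence}] {src} -> {dst}")
    for path, how in match_hashes(INVENTORY):
        print(f"[hash:{how}] {path}")
    print("C2 routable:", c2_is_routable())
```

Block the C2 by ip:port rather than IP alone only if you have confirmed the host serves nothing legitimate; the medium-confidence hit on port 443 in the constructed data is exactly the case that needs a second look before it becomes an incident.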
Targets
Target: d1e8afd1ae742cae7337de1c1c6e8277ec8cf52d14c99bcab126b4a2c31bb73d
Size: 305KB
MD5: a669c868f1ca8b89912af9f47ea49f7f
SHA1: b4c23c96428f0e945901bd954b36b5fcbb3d1a11
SHA256: d1e8afd1ae742cae7337de1c1c6e8277ec8cf52d14c99bcab126b4a2c31bb73d
SHA512: 50878a07464ff8987d66ce17ae19f8fb4c873ed04ec82270efc60310224c88c2f97669f5c999694f6cba25ba445c01c57695cb22b2a3b4f2071b2dfd889c7a8c
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view on 64-bit Windows) to enumerate software on the system.