General
- Target: dc6c417c260e9a6b8a7e56aaa4eb49692fc9861df924e2d3f6d02c8b62f50675
- Size: 305KB
- Sample: 240424-p49pkaac5x
- MD5: bd274ad866cfbaf525a0ea875fd9a843
- SHA1: 26c559eda77f52c4cbcbf1d476ec67655ef6663e
- SHA256: dc6c417c260e9a6b8a7e56aaa4eb49692fc9861df924e2d3f6d02c8b62f50675
- SHA512: ee110a941a62fda9aae4b1dc2433a339f702ada5aacb869b4a76e78aa7d95eeb375b720d549a8494f58d32a1fb414526931dad062f0735260b52651b93cbe338
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
- Sample: dc6c417c260e9a6b8a7e56aaa4eb49692fc9861df924e2d3f6d02c8b62f50675.exe
- Resource: win10v2004-20240412-en

Malware Config
- Extracted: redline
- Botnet: spoo
- C2: 103.113.70.99:2630
Targets
- Target: dc6c417c260e9a6b8a7e56aaa4eb49692fc9861df924e2d3f6d02c8b62f50675
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.