General
-
Target
9c7496c6e185c2164534b572f5c40d7f048b701625930fd561e60df61e5c18bf
-
Size
305KB
-
Sample
240424-p5tpqsac6z
-
MD5
8dd9628fdacf496617957d966d7ca85d
-
SHA1
bb9c20cb7e8df728cb3dca4bf17589b32ee353f5
-
SHA256
9c7496c6e185c2164534b572f5c40d7f048b701625930fd561e60df61e5c18bf
-
SHA512
d08ff15b430872a0159f836786731b23511fce555e5e49f5bff2c95904ea16e85db2547cf6c91f6fe72a66bb7080c5239796254f3e4fc43cba434675a7999994
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample
9c7496c6e185c2164534b572f5c40d7f048b701625930fd561e60df61e5c18bf.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
9c7496c6e185c2164534b572f5c40d7f048b701625930fd561e60df61e5c18bf
-
Size
305KB
-
MD5
8dd9628fdacf496617957d966d7ca85d
-
SHA1
bb9c20cb7e8df728cb3dca4bf17589b32ee353f5
-
SHA256
9c7496c6e185c2164534b572f5c40d7f048b701625930fd561e60df61e5c18bf
-
SHA512
d08ff15b430872a0159f836786731b23511fce555e5e49f5bff2c95904ea16e85db2547cf6c91f6fe72a66bb7080c5239796254f3e4fc43cba434675a7999994
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-