General
Target: 81534e38888e6f1e4b80de8b685b8813dfcb0efe42870386f475dda1d99c0392
Size: 305KB
Sample: 240424-p74bysad2y
MD5: 50805f007bdf221537e3483da508a8dd
SHA1: 97a94d1fa59dcadbd89281b637d050e78a1d02b4
SHA256: 81534e38888e6f1e4b80de8b685b8813dfcb0efe42870386f475dda1d99c0392
SHA512: ab8d52aa9d30ae7adb7fbf67aa782c1dceac3623740fa7733fd7cfff896f4fb8dbc6f1d55adfb9a5f1b25a75b86e9868725a8f81e7ddad9eadd810a763c60329
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 81534e38888e6f1e4b80de8b685b8813dfcb0efe42870386f475dda1d99c0392.exe
Resource: win10v2004-20240226-en
Malware Config (extracted)
- redline
- spoo
- 103.113.70.99:2630
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.