General
- Target: 9d3f14e93ecd268a1f90fc04a59e4c8c5d75aee53619156c8a7b082c545914a6
- Size: 305KB
- Sample: 240424-p7tgraac79
- MD5: 891a4a15b0e28baa5235e9e9e8fe7d4d
- SHA1: f137aba3feda0fdb7bebf660b88a344eb7b61fa2
- SHA256: 9d3f14e93ecd268a1f90fc04a59e4c8c5d75aee53619156c8a7b082c545914a6
- SHA512: f8dcdc40d415ad7a0d4191bbf746342aa318d156d912cae34a955c92b547ab86cf38f4dea806f97016a4a3892590152d04c169f411c323ca53550481a0565204
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
  - Sample: 9d3f14e93ecd268a1f90fc04a59e4c8c5d75aee53619156c8a7b082c545914a6.exe
  - Resource: win10v2004-20240226-en

Malware Config
- Extracted
  - Family: redline
  - spoo
  - 103.113.70.99:2630
Targets
- Target: 9d3f14e93ecd268a1f90fc04a59e4c8c5d75aee53619156c8a7b082c545914a6
- Size: 305KB
- MD5: 891a4a15b0e28baa5235e9e9e8fe7d4d
- SHA1: f137aba3feda0fdb7bebf660b88a344eb7b61fa2
- SHA256: 9d3f14e93ecd268a1f90fc04a59e4c8c5d75aee53619156c8a7b082c545914a6
- SHA512: f8dcdc40d415ad7a0d4191bbf746342aa318d156d912cae34a955c92b547ab86cf38f4dea806f97016a4a3892590152d04c169f411c323ca53550481a0565204
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.