General
Target: b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
Size: 305KB
Sample: 240424-pbb8lahf56
MD5: 179132e5f0a9fe8551ed7de8abb3869c
SHA1: a6bb6b5a7e5a76be631ece1ab9bfff2b6e3c2e83
SHA256: b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
SHA512: ea32252086b1fa023869896ed93d3aea4c2ac29d4f163dbb6831bbdb489d1756087a32c9da57e4529a284d129305250e9d60c2aeb8bfed2cb73347e39eff7dae
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
Target: b0b37311718da60670d49a408e8ec4ccda546a773a83b10e3bdaca2e18d4004f
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.