General
Target: 36195058ad769f0b5fdfc177f5afb3a4454b4e40abdbef549ba744fcbf3a47ab
Size: 305KB
Sample: 240424-pp3byahh52
MD5: c2a71bfb3a7a71df67437b7d45736aa8
SHA1: 7874f2da01c9a6716a82c635f16d5f3d7b9019b7
SHA256: 36195058ad769f0b5fdfc177f5afb3a4454b4e40abdbef549ba744fcbf3a47ab
SHA512: 4a01a8ece3be34a67eaa41611098ccefc5b8d7f8892b5095942c4010fd2ac1b392360ee0b62fa1fbf9d1c90c494c3a0c2686b23e2e9bffc4ff47893fa02f4663
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample: 36195058ad769f0b5fdfc177f5afb3a4454b4e40abdbef549ba744fcbf3a47ab.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets
Target: 36195058ad769f0b5fdfc177f5afb3a4454b4e40abdbef549ba744fcbf3a47ab
Size: 305KB
MD5: c2a71bfb3a7a71df67437b7d45736aa8
SHA1: 7874f2da01c9a6716a82c635f16d5f3d7b9019b7
SHA256: 36195058ad769f0b5fdfc177f5afb3a4454b4e40abdbef549ba744fcbf3a47ab
SHA512: 4a01a8ece3be34a67eaa41611098ccefc5b8d7f8892b5095942c4010fd2ac1b392360ee0b62fa1fbf9d1c90c494c3a0c2686b23e2e9bffc4ff47893fa02f4663
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.