General
- Target: 301ef43cb35e7c20abf067fbbef1380655e0aa808bf0702aab2ab2eb5ec26769
- Size: 305KB
- Sample: 240424-pqvy9ahh7z
- MD5: 7c279fa831c2b3545b8013a71f3d93d8
- SHA1: 260fc40690dde1c7db300de839b67c67cb763f18
- SHA256: 301ef43cb35e7c20abf067fbbef1380655e0aa808bf0702aab2ab2eb5ec26769
- SHA512: 176f83169703337d6579725143ea82a58a09769454f121e9345357177932cf23ff0c30312df5a9d1a90794dce27a99f2eabde251747855079536977b500c7962
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
- Sample: 301ef43cb35e7c20abf067fbbef1380655e0aa808bf0702aab2ab2eb5ec26769.exe
- Resource: win10v2004-20240412-en

Malware Config (Extracted)
- redline
- spoo
- 103.113.70.99:2630
Targets
- Target: 301ef43cb35e7c20abf067fbbef1380655e0aa808bf0702aab2ab2eb5ec26769
- Size: 305KB
- MD5: 7c279fa831c2b3545b8013a71f3d93d8
- SHA1: 260fc40690dde1c7db300de839b67c67cb763f18
- SHA256: 301ef43cb35e7c20abf067fbbef1380655e0aa808bf0702aab2ab2eb5ec26769
- SHA512: 176f83169703337d6579725143ea82a58a09769454f121e9345357177932cf23ff0c30312df5a9d1a90794dce27a99f2eabde251747855079536977b500c7962
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.