General
Target: 82c34c06d889353aa1d407bbb53c8193cea4f79815314b9d40846ba6495d886c
Size: 306KB
Sample: 240424-q223daah74
MD5: cecd65730ee040f57be5ca761d4747d0
SHA1: ade59de700621997f93d54a7cbd4f84b336a9d23
SHA256: 82c34c06d889353aa1d407bbb53c8193cea4f79815314b9d40846ba6495d886c
SHA512: 7b887ba00e6aa4621e07c37638b1907f9c85c659a6a98731f39b7f35bb48f41c653041fcd694db0d51d97edc8ee93c7b4778b9310c0c45878206cd51ff02a624
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 82c34c06d889353aa1d407bbb53c8193cea4f79815314b9d40846ba6495d886c.exe
Resource: win10v2004-20240412-en
Malware Config (extracted)
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.