General
Target: 81cb289f3157a902c90c54b712dfc0bbd077268b1dd5454b9195242bc18dfd7e
Size: 306KB
Sample: 240424-q3313aba3x
MD5: 3683e85fb9cedb0f7b84c1f492731272
SHA1: 72d9065f21cc622f3b61e6c5abbc2c4da8c85b96
SHA256: 81cb289f3157a902c90c54b712dfc0bbd077268b1dd5454b9195242bc18dfd7e
SHA512: 116908958299a92c5a3239dd73cf2fa8964efad3a7cbd04f6998523d794b3b282f30ce579ed0ec51d624652df4f205be516d21d99e1b19f875444aba951e8ddb
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 81cb289f3157a902c90c54b712dfc0bbd077268b1dd5454b9195242bc18dfd7e.exe
Resource: win10v2004-20240412-en

Behavioral task: behavioral2
Sample: 81cb289f3157a902c90c54b712dfc0bbd077268b1dd5454b9195242bc18dfd7e.exe
Resource: win11-20240412-en

Malware Config
Extracted: redline
spoo
103.113.70.99:2630
Targets
Target: 81cb289f3157a902c90c54b712dfc0bbd077268b1dd5454b9195242bc18dfd7e
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.