General
- Target: e6abb58f18e95f265cb1f8061d05d5e944d059efd19e1fa145fb436ac0e36837
- Size: 306KB
- Sample: 240424-q9rllsbb7y
- MD5: ab533d4cb25e3d44f68e5d5aac530d7b
- SHA1: 7fd7b223d31d0c1e5f83a54b5945cfe1cb042c8a
- SHA256: e6abb58f18e95f265cb1f8061d05d5e944d059efd19e1fa145fb436ac0e36837
- SHA512: 94ab6483623187fe2d2b2ead147ac57c98e9d5b29cf5745a7e57bde961f675356b6e19fbe6eda363ba3b4ea84a2065004b338549411dbeff45702ad77d788f09
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
- Sample: e6abb58f18e95f265cb1f8061d05d5e944d059efd19e1fa145fb436ac0e36837.exe
- Resource: win10v2004-20240412-en

Malware Config (extracted)
- Family: redline
- Botnet: spoo
- C2: 103.113.70.99:2630
Targets
- Target: e6abb58f18e95f265cb1f8061d05d5e944d059efd19e1fa145fb436ac0e36837
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.