General
Target: 4f958218cdddeea9025a9acc151f87abb936b0afc9f1dcf92a452046b19dfe08
Size: 305KB
Sample: 240424-qa3vlaad46
MD5: f64881dff03d050faf9e1b16335fd100
SHA1: 7161f9238a0c16dd71abdd6b88fb137c9af8d632
SHA256: 4f958218cdddeea9025a9acc151f87abb936b0afc9f1dcf92a452046b19dfe08
SHA512: 34c1661246ca9a1a71b318acab377c98d9f6441cdb39d63f283333392c4289515ec661ed4502a46cf728635246236685d8d66249ae0975ddd31a61c9c4db6b29
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample: 4f958218cdddeea9025a9acc151f87abb936b0afc9f1dcf92a452046b19dfe08.exe
Resource: win10v2004-20240412-en

Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.