General
Target: e09d19da7d6d1f885d453f7efee01a5c96c83361b66b5a442c2b71c98fb8f8ac
Size: 305KB
Sample: 240424-qbk16sad54
MD5: 0af088b93d0bb1faa18729ab76ec665d
SHA1: 8be37a071904fb105e1ab622e4d4d2c9bbda8d16
SHA256: e09d19da7d6d1f885d453f7efee01a5c96c83361b66b5a442c2b71c98fb8f8ac
SHA512: 21f7d3ba26befb33ae50e009dd1d7d5029d2e947ed478aa71ebae55488b63dd342984f371788b610fc82b67b60824cb3730b0b75e4c0b0afafdd64d7eb9e74fd
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: e09d19da7d6d1f885d453f7efee01a5c96c83361b66b5a442c2b71c98fb8f8ac.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
Target: e09d19da7d6d1f885d453f7efee01a5c96c83361b66b5a442c2b71c98fb8f8ac
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.