General

- Target: 908f43536446572f69f7eee1c4768254635381856b7f7b7f2628c9af976d198f
- Size: 305KB
- Sample: 240424-qhatsaae47
- MD5: 03be766a3effef74c730486461cf529e
- SHA1: b8cbea768068e912524ad70b6b4ec912d30165ae
- SHA256: 908f43536446572f69f7eee1c4768254635381856b7f7b7f2628c9af976d198f
- SHA512: 5f87363f29d6cb94dc0e71fd12a47279931fc506e55ef755f5d986c27608b64c69b1c7c8a5d6ad0e105141cb0647245454d92d22f5cfd3bd67c1553d7b6af72c
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1

- Sample: 908f43536446572f69f7eee1c4768254635381856b7f7b7f2628c9af976d198f.exe
- Resource: win10v2004-20240412-en

Malware Config

Extracted:
- redline
- spoo
- 103.113.70.99:2630
Targets

- Target: 908f43536446572f69f7eee1c4768254635381856b7f7b7f2628c9af976d198f
- Size: 305KB
- MD5: 03be766a3effef74c730486461cf529e
- SHA1: b8cbea768068e912524ad70b6b4ec912d30165ae
- SHA256: 908f43536446572f69f7eee1c4768254635381856b7f7b7f2628c9af976d198f
- SHA512: 5f87363f29d6cb94dc0e71fd12a47279931fc506e55ef755f5d986c27608b64c69b1c7c8a5d6ad0e105141cb0647245454d92d22f5cfd3bd67c1553d7b6af72c
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.