General
- Target: 58074aa9961e3d35dd50964f31365575fd92d322599394daade82f824aac5400
- Size: 306KB
- Sample: 240424-qlmyhsae92
- MD5: 1ff96d3da9b108afcb3f6a80d1fd3b4d
- SHA1: f40817d586566e41708df7a085bef1f9737e4588
- SHA256: 58074aa9961e3d35dd50964f31365575fd92d322599394daade82f824aac5400
- SHA512: e3a7c4e9ea92fbd7e3263710e1d8f08502ea071a0f0035f8c79982f4945cf832d4f99fe0a4318016c0c201cfa4632e0b98572650352566839640a5e42f424da1
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
  - Sample: 58074aa9961e3d35dd50964f31365575fd92d322599394daade82f824aac5400.exe
  - Resource: win10v2004-20240412-en
Malware Config
- Extracted
  - Family: redline
  - Botnet: spoo
  - C2: 103.113.70.99:2630
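The extracted config gives one C2 endpoint, and the General section gives the sample's hashes. As an added example (not part of the Triage report or of any RedLine tooling), the Python below turns those indicators into two checks: it hashes a file and compares the digests with the report's values, and it scans connection-log lines for flows to 103.113.70.99:2630. The sample bytes and the log lines are constructed so the script runs offline; the whitespace-separated "ts src sport dst dport proto" column layout is an assumption for the demo, not a real Zeek conn.log parser.

```python
"""Added example (not from the sandbox report): match a file and a
connection log against the indicators extracted above.  Hash and C2
values are copied from the report; the file bytes and log lines are
constructed so the script runs offline."""
import hashlib
import re

# Indicators from the report: hashes of the analysed sample and the RedLine C2.
REPORT_HASHES = {
    "md5": "1ff96d3da9b108afcb3f6a80d1fd3b4d",
    "sha1": "f40817d586566e41708df7a085bef1f9737e4588",
    "sha256": "58074aa9961e3d35dd50964f31365575fd92d322599394daade82f824aac5400",
}
C2_HOST, C2_PORT = "103.113.70.99", 2630


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Names of the algorithms under which data matches the IOC set.
    All algorithms present in iocs are compared, so a typo in one copied
    hash does not silently turn a true match into a miss; any single
    match is enough to treat the file as the reported sample."""
    digests = hash_bytes(data)
    return sorted(algo for algo, h in iocs.items() if digests.get(algo) == h.lower())


# Constructed connection-log lines (assumed layout: ts src sport dst dport proto).
CONSTRUCTED_CONN_LOG = """\
1713960000.101 10.0.0.15 49812 142.250.74.36 443 tcp
1713960003.552 10.0.0.15 49813 103.113.70.99 2630 tcp
1713960004.010 10.0.0.22 51020 103.113.70.99 80 tcp
1713960009.777 10.0.0.15 49814 103.113.70.99 2630 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)$"
)


def find_c2_connections(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return (ts, src) for every flow to host:port.  Flows to the same IP
    on another port (the port-80 line above) are deliberately not returned:
    the report's indicator is host and port together, so host-only hits
    deserve a separate, lower-confidence review rather than this verdict."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers or malformed lines: skip rather than abort the scan
        if m["dst"] == host and int(m["dport"]) == port:
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    placeholder = b"constructed placeholder bytes, not the real sample"
    print("hash match:", matches_report(placeholder))  # no match for placeholder bytes
    print("C2 flows:", find_c2_connections(CONSTRUCTED_CONN_LOG))
```

To use it against a real artifact, read the suspect file in binary mode and pass the bytes to `matches_report`; the SSDEEP value in the report is not compared here because fuzzy hashing needs the separate ssdeep library, and a near-match there is a lead rather than a verdict.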
Targets
- Target: 58074aa9961e3d35dd50964f31365575fd92d322599394daade82f824aac5400 (size and hashes as listed under General)
- Signatures:
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
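The "Checks installed software" signature fires on registry reads under the Uninstall key. As an added example (not the sandbox's own signature logic), the Python below implements that check over API-call log lines: it recognises the native, WOW6432Node and per-user Uninstall key locations, and flags a process only when it enumerates the Uninstall root or touches several distinct entries, so a single open of the key (an installer checking for its own entry, for instance) is not reported. The log lines and the "pid api keypath" line format are constructed for the demo; real sandbox or EDR traces need their own parser, and the process IDs and entry names are placeholders.

```python
"""Added example (not from the sandbox report): detect enumeration of the
Uninstall key, the behaviour behind the "Checks installed software"
signature.  Input is a constructed, simplified API-call log with one
"<pid> <api> <key path>" call per line."""
import re

# Uninstall key locations: native view, WOW6432Node view (32-bit software
# on 64-bit Windows) and the per-user hive.  Case-insensitive because
# registry paths are, and loggers normalise case differently.
UNINSTALL_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\"
    r"SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)

# Constructed log; pids and entry names are placeholders.
CONSTRUCTED_API_LOG = r"""
4120 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4120 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}
4120 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}\DisplayName
4120 RegOpenKeyExW HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegEnumKeyExW HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
4120 RegOpenKeyExW HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp
4120 RegQueryValueExW HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName
812 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
"""


def parse_calls(log_text: str):
    """Yield (pid, api, path) from log lines; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.strip().split(maxsplit=2)
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def uninstall_subkey(path: str):
    """Return the Uninstall entry name that path touches, '' when path is the
    Uninstall root itself, or None when path is outside the Uninstall key."""
    m = UNINSTALL_RE.match(path)
    if not m:
        return None
    rest = path[m.end():]          # text after "...\Uninstall\" (empty for the root)
    return rest.split("\\", 1)[0]  # first component = entry name (a GUID or product name)


def detect_software_enumeration(log_text: str, min_entries: int = 2) -> dict:
    """Per-process summary with a verdict.  A process is flagged when it
    enumerates the Uninstall root (RegEnumKey*) or reads at least
    min_entries distinct entries.  A lone open of the root is not flagged."""
    summary = {}
    for pid, api, path in parse_calls(log_text):
        entry = uninstall_subkey(path)
        if entry is None:
            continue
        s = summary.setdefault(pid, {"enumerated": False, "entries": set()})
        if entry == "":
            if api.startswith("RegEnumKey"):
                s["enumerated"] = True
        else:
            s["entries"].add(entry)
    return {
        pid: {
            "enumerated": s["enumerated"],
            "entries": sorted(s["entries"]),
            "flagged": s["enumerated"] or len(s["entries"]) >= min_entries,
        }
        for pid, s in summary.items()
    }


if __name__ == "__main__":
    for pid, verdict in detect_software_enumeration(CONSTRUCTED_API_LOG).items():
        print(pid, verdict)
```

Note that registry reads are not recorded by Sysmon's registry events (which cover key creation, deletion and value writes), so on a live host this logic needs an API-tracing source such as a sandbox trace or an EDR that records RegOpenKey/RegEnumKey calls.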