General

Target: 6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
Size: 306KB
Sample: 240424-qp27lsaf78
MD5: dbeb12a1da97ee2f02e1d71d1624d5ff
SHA1: 30afa05b95b7c82b777bd09aa0c3525995b34a20
SHA256: 6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
SHA512: c728b73741278d0bd0cf1f4048bd953e6f8cf52848ccd600d0713d0584f04b75504d19343f383de68df94665a41e1bc80a6df10aaefef64a2e85188837031c55
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1

Sample: 6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4.exe
Resource: win10v2004-20240226-en

Malware Config (extracted)

Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets

Target: 6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
Size: 306KB
MD5: dbeb12a1da97ee2f02e1d71d1624d5ff
SHA1: 30afa05b95b7c82b777bd09aa0c3525995b34a20
SHA256: 6aa8719ce0c79db8205da0bac50fa0d3a6f4b94edadd384f9cf710e639cfe8a4
SHA512: c728b73741278d0bd0cf1f4048bd953e6f8cf52848ccd600d0713d0584f04b75504d19343f383de68df94665a41e1bc80a6df10aaefef64a2e85188837031c55
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.