General

Target: d57bc1364cdf3910bc9d2391439c8b6180fb3a6ffec2199fee5d457eab5b0b16
Size: 306KB
Sample: 240424-qvwl1sag8x
MD5: 4519ab5174d89df41b5c26b44aff6d8b
SHA1: 6b92b2d253434ebbac02eb41155d5cdba3950468
SHA256: d57bc1364cdf3910bc9d2391439c8b6180fb3a6ffec2199fee5d457eab5b0b16
SHA512: 580ed9297238c8de0f55e8105eb258b8cf9b2af27fc72b9d758c8d578f217b46381cbf1db66d4f3284924c8bafde7725f4685d37faf91661ee12063b396e6440
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: d57bc1364cdf3910bc9d2391439c8b6180fb3a6ffec2199fee5d457eab5b0b16.exe
Resource: win10v2004-20240412-en
Malware Config (extracted)

Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
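The extracted configuration gives a single TCP C2 endpoint and a botnet tag, which is everything needed to hunt for other infected hosts and to block the callback. The Python below is an added example, not part of this report or of the sandbox tooling: it parses the three-line config block as printed above, emits a Suricata rule for the C2, scans Zeek conn.log-style rows for hosts that contacted it, and checks whether a file on disk is this exact sample by hash. The conn.log rows are constructed for the example, the Suricata sid is an arbitrary local-range value, and treating the second config line as the botnet tag follows the convention of the sandbox's RedLine config output.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

# Values copied from the report (Malware Config and General sections).
REPORT_CONFIG = "redline\nspoo\n103.113.70.99:2630"
REPORT_SHA256 = "d57bc1364cdf3910bc9d2391439c8b6180fb3a6ffec2199fee5d457eab5b0b16"
REPORT_MD5 = "4519ab5174d89df41b5c26b44aff6d8b"


@dataclass(frozen=True)
class RedlineIoc:
    family: str
    botnet: str  # second config line; the sandbox labels it "botnet" (build/campaign tag)
    host: str
    port: int


def parse_config(text: str) -> RedlineIoc:
    """Parse the three-line extracted config: family, botnet, host:port."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) != 3:
        raise ValueError(f"expected 3 config lines, got {len(lines)}")
    family, botnet, c2 = lines
    host, _, port_text = c2.rpartition(":")
    port = int(port_text)
    if not 0 < port < 65536:
        raise ValueError(f"bad C2 port: {port}")
    ipaddress.ip_address(host)  # raises ValueError if the C2 is not an IP literal
    return RedlineIoc(family.lower(), botnet, host, port)


def suricata_rule(ioc: RedlineIoc, sid: int) -> str:
    """Emit a Suricata rule that alerts on outbound TCP to the extracted C2."""
    return (
        f"alert tcp $HOME_NET any -> {ioc.host} {ioc.port} "
        f'(msg:"{ioc.family.upper()} Stealer C2 outbound (botnet {ioc.botnet})"; '
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


def c2_hits(conn_log: str, ioc: RedlineIoc) -> list[tuple[str, str]]:
    """Return (timestamp, source host) for every row that reached the C2 over TCP.

    Rows are tab-separated in Zeek conn.log column order:
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto (later columns ignored).
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if f[4] == ioc.host and int(f[5]) == ioc.port and f[6] == "tcp":
            hits.append((f[0], f[2]))
    return hits


def matches_report_sample(data: bytes) -> bool:
    """True only if the bytes are the exact sample from the report (SHA256 and MD5 agree)."""
    return (hashlib.sha256(data).hexdigest() == REPORT_SHA256
            and hashlib.md5(data).hexdigest() == REPORT_MD5)


# Constructed conn.log excerpt (not real traffic): two hosts reach the C2 over TCP,
# one unrelated HTTPS flow, and one UDP flow to the C2 IP on a different port.
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1713950000.123456\tCk3a1\t10.0.0.15\t49812\t103.113.70.99\t2630\ttcp",
    "1713950001.000000\tCk3a2\t10.0.0.15\t49813\t142.250.72.14\t443\ttcp",
    "1713950002.000000\tCk3a3\t10.0.0.22\t51000\t103.113.70.99\t2630\ttcp",
    "1713950003.000000\tCk3a4\t10.0.0.22\t51001\t103.113.70.99\t53\tudp",
])

if __name__ == "__main__":
    ioc = parse_config(REPORT_CONFIG)
    print(suricata_rule(ioc, sid=9000001))
    for ts, src in c2_hits(SAMPLE_CONN_LOG, ioc):
        print(f"C2 contact at {ts} from {src}")
```

The hash check deliberately requires both digests to agree: a single MD5 match is not enough to claim identity with the sample, and a repacked build of the same family will share the C2 but none of the hashes, which is why the network indicator is the more durable one to hunt on.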
Targets

Target: d57bc1364cdf3910bc9d2391439c8b6180fb3a6ffec2199fee5d457eab5b0b16
Size: 306KB
MD5: 4519ab5174d89df41b5c26b44aff6d8b
SHA1: 6b92b2d253434ebbac02eb41155d5cdba3950468
SHA256: d57bc1364cdf3910bc9d2391439c8b6180fb3a6ffec2199fee5d457eab5b0b16
SHA512: 580ed9297238c8de0f55e8105eb258b8cf9b2af27fc72b9d758c8d578f217b46381cbf1db66d4f3284924c8bafde7725f4685d37faf91661ee12063b396e6440
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Signatures

RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

RedLine payload
The sample carries the RedLine stealer payload; the extracted config above is what the payload uses to reach its C2.

Accesses cryptocurrency files/wallets, possible credential harvesting
The sample touches files and directories associated with cryptocurrency wallets, consistent with credential and wallet theft.

Checks installed software on the system
The sample reads Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate installed software; stealers use this both for victim profiling and to spot analysis tools.