General
- Target: 00c286978917b3b6285d6c3df4777fad8b3504dae72927177fe0f1f1b6e0c988
- Size: 306KB
- Sample: 240424-qzgzesah29
- MD5: 028a55f01808f7b2de4badc2f046e56f
- SHA1: eb9fc10ad67575b9287bb7d900c89adcb5d0019c
- SHA256: 00c286978917b3b6285d6c3df4777fad8b3504dae72927177fe0f1f1b6e0c988
- SHA512: d86c0487507a4f13a3b1d9f9d3552fe3b53c990a02b494c4164322a980e45196aa3cbcf099aeb8dd188eedecaa811f1a9736ab79e316ecade859f7d3498e341f
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample
00c286978917b3b6285d6c3df4777fad8b3504dae72927177fe0f1f1b6e0c988.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Sets service image path in registry
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.