General
- Target: c8f2b7c815da4b8193afbc661deb5673e006ed807ed31d59b27d8d6430fa3c86
- Size: 306KB
- Sample: 240424-r2n17abf96
- MD5: 679f860f3bddb57ad7c307e371d5c463
- SHA1: f635236840ee60cc007f758ab03fca9945135857
- SHA256: c8f2b7c815da4b8193afbc661deb5673e006ed807ed31d59b27d8d6430fa3c86
- SHA512: c7909c8bb0ff8fc6eb8bc7229e07048855f378aa8e51db8d5616b2748ed28072fa368961a7ea453f605a06ade7027ad0ccd950dd186c75ae0443cc16f40fe8d8
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
  - Sample: c8f2b7c815da4b8193afbc661deb5673e006ed807ed31d59b27d8d6430fa3c86.exe
  - Resource: win10v2004-20240226-en

Malware Config
- Extracted
  - redline
  - spoo
  - 103.113.70.99:2630
Targets
- c8f2b7c815da4b8193afbc661deb5673e006ed807ed31d59b27d8d6430fa3c86 (same 306KB file as listed under General; MD5, SHA1, SHA256, SHA512 and SSDEEP identical)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.