General
Target: 86cf94762ebfbcb27c26bf1b61856a85e526922b2fef193d65160027eb1e3076
Size: 306KB
Sample: 240424-r3vkcsbg39
MD5: cfaea1b58908d2b946c495106a24e2f8
SHA1: 7cf3840f6b5f4ba6973b008074d7f3a27c1fecc8
SHA256: 86cf94762ebfbcb27c26bf1b61856a85e526922b2fef193d65160027eb1e3076
SHA512: 2c64373e711dff4381874d70a7cfe4cbf301e272e530f9f51bb19748fffa645d10e802fbed02acc7e9ba7306e98441036e6870624638316a282a0e25348223db
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 86cf94762ebfbcb27c26bf1b61856a85e526922b2fef193d65160027eb1e3076.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: redline
Botnet name: spoo
C2: 103.113.70.99:2630
Targets
Target: 86cf94762ebfbcb27c26bf1b61856a85e526922b2fef193d65160027eb1e3076
Size: 306KB
MD5: cfaea1b58908d2b946c495106a24e2f8
SHA1: 7cf3840f6b5f4ba6973b008074d7f3a27c1fecc8
SHA256: 86cf94762ebfbcb27c26bf1b61856a85e526922b2fef193d65160027eb1e3076
SHA512: 2c64373e711dff4381874d70a7cfe4cbf301e272e530f9f51bb19748fffa645d10e802fbed02acc7e9ba7306e98441036e6870624638316a282a0e25348223db
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.