General

Target: 47ca3ca5806e61f8a1e591942b9178b89f9b7a9d3cabbd3c2a868106c29c6e71
Size: 306KB
Sample: 240424-r5myasbh4y
MD5: aef844361ac58cb506e83466000c9ef4
SHA1: 2101501c72637e37f7b3274e0ae079e5d05a28df
SHA256: 47ca3ca5806e61f8a1e591942b9178b89f9b7a9d3cabbd3c2a868106c29c6e71
SHA512: 73ed60a38fc64046efd8583cececb1138a8bb53489bd1363250c2b215308289185798c11c07ed71c5da6dd928b3552ff2c01452901a6d73148448f6503131e7f
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Behavioral task

behavioral1
Sample: 47ca3ca5806e61f8a1e591942b9178b89f9b7a9d3cabbd3c2a868106c29c6e71.exe
Resource: win10v2004-20240226-en

Malware Config

Extracted
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets

Target: 47ca3ca5806e61f8a1e591942b9178b89f9b7a9d3cabbd3c2a868106c29c6e71
Size: 306KB
Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.