General
Target: 42b63e1244a9f65fda165296ffdc333d84d6d7089f5c4e30580715576477a03a
Size: 306KB
Sample: 240424-r5wkfabg66
MD5: 12fb67f6002fec08e5051ff488893a33
SHA1: bb53950885dd20b3f41135ec2a9bd70d5c5c7db1
SHA256: 42b63e1244a9f65fda165296ffdc333d84d6d7089f5c4e30580715576477a03a
SHA512: 0cc90efd659e39c8e5ee8eca4319ce745d66a62c17f9340cdfa7c2748e5fd640775a793840611748798be3662638b1fc8a2f6fa90aebdfed4f7ee14f6b85a4c8
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample: 42b63e1244a9f65fda165296ffdc333d84d6d7089f5c4e30580715576477a03a.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets
Target: 42b63e1244a9f65fda165296ffdc333d84d6d7089f5c4e30580715576477a03a
Size: 306KB
MD5: 12fb67f6002fec08e5051ff488893a33
SHA1: bb53950885dd20b3f41135ec2a9bd70d5c5c7db1
SHA256: 42b63e1244a9f65fda165296ffdc333d84d6d7089f5c4e30580715576477a03a
SHA512: 0cc90efd659e39c8e5ee8eca4319ce745d66a62c17f9340cdfa7c2748e5fd640775a793840611748798be3662638b1fc8a2f6fa90aebdfed4f7ee14f6b85a4c8
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.