General
- Target: 43fba32409e78428c644dd225b539cdd5239bf804da67e1a8ec86c57d7215881
- Size: 306KB
- Sample: 240424-r9h5xabh52
- MD5: 6d24cf499ee1d0077b6c5962ec3e5cb9
- SHA1: 136a40009fca2915133860b91ead11474f3d9599
- SHA256: 43fba32409e78428c644dd225b539cdd5239bf804da67e1a8ec86c57d7215881
- SHA512: 073ceb5990ff381ee571c7b9b25ac939b402295eed8534b33b905b97f52f16fa00001db4969de1090f5879ec306b4c7e40e37a3eb77ae7cf3ef7556751c23244
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
- Sample: 43fba32409e78428c644dd225b539cdd5239bf804da67e1a8ec86c57d7215881.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
- Target: 43fba32409e78428c644dd225b539cdd5239bf804da67e1a8ec86c57d7215881
- Size: 306KB
- MD5: 6d24cf499ee1d0077b6c5962ec3e5cb9
- SHA1: 136a40009fca2915133860b91ead11474f3d9599
- SHA256: 43fba32409e78428c644dd225b539cdd5239bf804da67e1a8ec86c57d7215881
- SHA512: 073ceb5990ff381ee571c7b9b25ac939b402295eed8534b33b905b97f52f16fa00001db4969de1090f5879ec306b4c7e40e37a3eb77ae7cf3ef7556751c23244
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.