General
-
Target
eb221415b5e23a75151b3e2bc285b682d9b4687a0d2c7e0f1c4883ad047bc8ee
-
Size
306KB
-
Sample
240424-r9w2rsbh8z
-
MD5
38c344d89cffd5d30a983830fd599179
-
SHA1
e9ddd4d760e52313b9bc7cbcb0d2d4d5db2d5292
-
SHA256
eb221415b5e23a75151b3e2bc285b682d9b4687a0d2c7e0f1c4883ad047bc8ee
-
SHA512
eb784da40dc5666beae0ab5a6b06fa2e28471e6c4e3194ba5e9caa4a16d87324d500bed054f8d07918cf5a2b42630906cafae5e98d5cdcbeeab1d00b5836e19b
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample
eb221415b5e23a75151b3e2bc285b682d9b4687a0d2c7e0f1c4883ad047bc8ee.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
eb221415b5e23a75151b3e2bc285b682d9b4687a0d2c7e0f1c4883ad047bc8ee
-
Size
306KB
-
MD5
38c344d89cffd5d30a983830fd599179
-
SHA1
e9ddd4d760e52313b9bc7cbcb0d2d4d5db2d5292
-
SHA256
eb221415b5e23a75151b3e2bc285b682d9b4687a0d2c7e0f1c4883ad047bc8ee
-
SHA512
eb784da40dc5666beae0ab5a6b06fa2e28471e6c4e3194ba5e9caa4a16d87324d500bed054f8d07918cf5a2b42630906cafae5e98d5cdcbeeab1d00b5836e19b
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-