General
Target: 0a652f366793fc30eb6d834debff4228162647b62b113086cf22846fdb2b8c30
Size: 306KB
Sample: 240424-rbed3abb49
MD5: 4a14112bf9c5f424945c575cfddd4bba
SHA1: 3f68915c3a685f21ac8c4cdf37463ea490bed52b
SHA256: 0a652f366793fc30eb6d834debff4228162647b62b113086cf22846fdb2b8c30
SHA512: b0a1724cf1b2fef73e151ebfb75fe288cc2e124e5fc4c992925293c9e0bc21590ae077c5e1c6b27499254245118dcad62b61fc0f4ed0b5dac13c14f42e68f3e3
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 0a652f366793fc30eb6d834debff4228162647b62b113086cf22846fdb2b8c30.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.