General
Target: 5fca2441806f40ccf33ef20f86667acd21c8bf618c74149c7e63e239db8f3fed
Size: 306KB
Sample: 240424-rflzpsbc61
MD5: 32fbc14b5f2fed4d0419537f1b377c8a
SHA1: fb24e2d8833f40a7ffef92e0e88720c7ac0d2d58
SHA256: 5fca2441806f40ccf33ef20f86667acd21c8bf618c74149c7e63e239db8f3fed
SHA512: 6d345f342b494596d09fd1be21391f38dc28e1adaf2b4e2dbfde4c96aa473e899383f69e17d49113409af8a08c0a0343ad98b1c17e22a38a40880c295458764c
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 5fca2441806f40ccf33ef20f86667acd21c8bf618c74149c7e63e239db8f3fed.exe
Resource: win10v2004-20240412-en

Malware Config
Extracted: redline
spoo
103.113.70.99:2630
Targets
Target: 5fca2441806f40ccf33ef20f86667acd21c8bf618c74149c7e63e239db8f3fed (size and hashes identical to those listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.