General
Target: ff66f3f93cd6943448a13df92a926dd8f47c56b4313e35ad83724d23ea4c05bd
Size: 306KB
Sample: 240424-rhl3gsbd3t
MD5: 9d8b72c64157a2be8c88abf3e02d8bef
SHA1: a5bd989344482dd8d61b5ca3d82f69a451d9cf32
SHA256: ff66f3f93cd6943448a13df92a926dd8f47c56b4313e35ad83724d23ea4c05bd
SHA512: 23104919b8df1d93e6ea1d5e7cf22faa0cc99ecf04dbcbad611a31d8af0049c31516703710b940d7784e5cf6149424f2ccc4eb107d23c3d51847802f31878f3e
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: ff66f3f93cd6943448a13df92a926dd8f47c56b4313e35ad83724d23ea4c05bd.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
Target: ff66f3f93cd6943448a13df92a926dd8f47c56b4313e35ad83724d23ea4c05bd
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.