General
-
Target
c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
-
Size
306KB
-
Sample
240424-rnjvbabd39
-
MD5
fa4ab5265dea71f2fa6469a55de1d30c
-
SHA1
ccd82a282edb641691f4e07f7d49c89882ebf635
-
SHA256
c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
-
SHA512
810832b1fdfa3309adb99587d52529c4f54351a958f841ddc0f8d1c69964e2b20e9e89b2add0ef2178f9c717679a9e5e1a200a38c51ccb10666919518dd65253
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample
c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
-
Size
306KB
-
MD5
fa4ab5265dea71f2fa6469a55de1d30c
-
SHA1
ccd82a282edb641691f4e07f7d49c89882ebf635
-
SHA256
c8d6ef9f0fd8ab7e62dd35f80d6e1d7206bad2105abf5e53f541d47d2a00534a
-
SHA512
810832b1fdfa3309adb99587d52529c4f54351a958f841ddc0f8d1c69964e2b20e9e89b2add0ef2178f9c717679a9e5e1a200a38c51ccb10666919518dd65253
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-