General
- Target: 4f66946b66eca97b0389f4c099c06dde054832e997821389913be4cdc6528be0
- Size: 306KB
- Sample: 240424-scte2sca5z
- MD5: 475922528e71485a5c0a93a1e0446cb7
- SHA1: 5d658e3107cdadadfb2524950898286e9aed11cc
- SHA256: 4f66946b66eca97b0389f4c099c06dde054832e997821389913be4cdc6528be0
- SHA512: 86e900bca803cdffe4bb8f142de287ea9413689af0114274feea45dfc7a27ae3b09b8dbe4052c66659b2aaa2eabf14e264e8c6c25244545809a040fe801e6b5c
- SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
- behavioral1
- Sample: 4f66946b66eca97b0389f4c099c06dde054832e997821389913be4cdc6528be0.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Family: redline
- Botnet: spoo
- C2: 103.113.70.99:2630
Targets
- Target: 4f66946b66eca97b0389f4c099c06dde054832e997821389913be4cdc6528be0
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
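The extracted C2 and the signatures above can be turned into a host-side check for the same behaviour on a machine under investigation. The block below is an added example and is not part of the sandbox report or the sample itself: it reads Process Monitor style CSV events (the column layout follows Procmon's CSV export; the log lines are constructed for this example, and the process name sample.exe and the wallet directory list are assumptions) and flags a process that enumerates the Uninstall key, touches wallet directories, and connects to 103.113.70.99:2630. Reading the Uninstall key is routine for installers and update agents, so the check only reports a process that also reached the extracted C2; the other hits are kept as context.

```python
"""Host-artifact check built from this RedLine report's config and signatures.

Added example, not code from the report or the sample. Events are constructed
here in Process Monitor's CSV export layout (Time of Day, Process Name, PID,
Operation, Path, Result, Detail); sample.exe and the wallet paths are assumed.
"""
import csv
import io
import re
from collections import defaultdict

# C2 taken from the "Malware Config" section of the report.
C2_HOST, C2_PORT = "103.113.70.99", 2630

# Registry key described by the "Checks installed software" signature.
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Illustrative wallet directories for the "Accesses cryptocurrency files/wallets"
# signature (assumed list, not taken from the report).
WALLET_DIRS = ("\\Exodus\\", "\\Electrum\\", "\\Ethereum\\keystore")

# Procmon network paths read "src:port -> dst:port"; capture the destination.
_TCP_RE = re.compile(r"->\s*([\d.]+):(\d+)\s*$")

# Constructed events: one process showing all three behaviours, plus benign noise.
CONSTRUCTED_LOG = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4212","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Desired Access: Read"
"10:01:02.2","sample.exe","4212","RegEnumKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:03.0","sample.exe","4212","CreateFile","C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:04.5","sample.exe","4212","TCP Connect","DESKTOP-1:49731 -> 103.113.70.99:2630","SUCCESS","Length: 0"
"10:01:05.0","explorer.exe","1120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:06.0","chrome.exe","3300","TCP Connect","DESKTOP-1:49732 -> 142.250.74.46:443","SUCCESS","Length: 0"
"""


def parse_events(text):
    """Parse Procmon-style CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(event):
    """Map one event to the report signature it matches, or None."""
    op, path = event["Operation"], event["Path"]
    if op.startswith("Reg") and path.upper().startswith(UNINSTALL_KEY.upper()):
        return "checks_installed_software"
    if op == "CreateFile" and any(d.lower() in path.lower() for d in WALLET_DIRS):
        return "accesses_wallets"
    if op == "TCP Connect":
        m = _TCP_RE.search(path)
        if m and m.group(1) == C2_HOST and int(m.group(2)) == C2_PORT:
            return "c2_connect"
    return None


def triage(text, require_c2=True):
    """Group signature hits per PID.

    With require_c2=True only a process that also connected to the extracted C2
    is returned, so a benign Uninstall-key read (explorer.exe here) does not fire.
    """
    hits, names = defaultdict(set), {}
    for ev in parse_events(text):
        sig = classify(ev)
        if sig:
            hits[ev["PID"]].add(sig)
            names[ev["PID"]] = ev["Process Name"]
    return {
        pid: {"process": names[pid], "signatures": sorted(sigs)}
        for pid, sigs in hits.items()
        if "c2_connect" in sigs or not require_c2
    }


if __name__ == "__main__":
    for pid, info in triage(CONSTRUCTED_LOG).items():
        print(pid, info["process"], ", ".join(info["signatures"]))
```

Run against a real Procmon CSV export, the same functions apply unchanged; the C2 match is exact on host and port, so a rotated C2 would need the constants updated from a fresh config extraction.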