General

Target: a1810784ba426db674cadf5b3792a94e9de66e9cfebe53d443ce98c97dac8148
Size: 306KB
Sample: 240424-sern8sca66
MD5: 4ea5b07589552aecc9ac76aa04856e34
SHA1: aa58879704625cdb042cf5b5b5f7b75773a4eb19
SHA256: a1810784ba426db674cadf5b3792a94e9de66e9cfebe53d443ce98c97dac8148
SHA512: 0d802acc709ec63e6ed70fb54931465c15cff5b7946361cd1b8e51b360aa4230ce9d03d900db794e23ed9395e898e37df2024e5adfb7d64530a2f837a60ab9bd
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task

behavioral1
Sample: a1810784ba426db674cadf5b3792a94e9de66e9cfebe53d443ce98c97dac8148.exe
Resource: win10v2004-20240412-en

Malware Config

Extracted: redline (spoo; 103.113.70.99:2630)
Targets

Target: a1810784ba426db674cadf5b3792a94e9de66e9cfebe53d443ce98c97dac8148
Size: 306KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.