General
Target: 0144cf533d52368105cc6e87d946c29a769d5827709ee020bace2b40f8b4cb57
Size: 306KB
Sample: 240424-sgj26sca97
MD5: df55b4c934207e30b3f6dd385d1048fe
SHA1: f35f642760411ca58b28ab2042a8e7ce14b72a2b
SHA256: 0144cf533d52368105cc6e87d946c29a769d5827709ee020bace2b40f8b4cb57
SHA512: d6685a65fce3bbc65496f3ee4b1c6afe98e4da19fb0f3362a6be317b1f5f1698c60dda1863b5f3547f6f183c294425d4a7678c6ab62aea962ec0e83025e99219
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: 0144cf533d52368105cc6e87d946c29a769d5827709ee020bace2b40f8b4cb57.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: redline
Botnet ID: spoo
C2: 103.113.70.99:2630
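The hashes and the extracted C2 endpoint above are the only indicators this report yields, so the natural next step for an analyst is to turn them into something that can be checked against files and network logs. The following is an added example written for this page, not output of the sandbox or code from the RedLine family: it copies the report's digests and C2 endpoint into a small matcher, hashes a file with all four algorithms the report lists, and scans Zeek-style conn.log records for connections to the C2. The file bytes and the log lines in the block are constructed for the demo (they are not the real sample or real traffic), and the seven-column conn.log layout is a simplified assumption rather than Zeek's full schema.

```python
"""IOC matcher for the indicators on this report (added example, not part of
the sandbox output). Hashes and C2 endpoint are copied from the report; the
sample bytes and conn.log lines are constructed for the demo."""
import hashlib
from typing import Dict, List, Optional

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "df55b4c934207e30b3f6dd385d1048fe",
    "sha1": "f35f642760411ca58b28ab2042a8e7ce14b72a2b",
    "sha256": "0144cf533d52368105cc6e87d946c29a769d5827709ee020bace2b40f8b4cb57",
    "sha512": "d6685a65fce3bbc65496f3ee4b1c6afe98e4da19fb0f3362a6be317b1f5f1698"
              "c60dda1863b5f3547f6f183c294425d4a7678c6ab62aea962ec0e83025e99219",
}
C2_HOST, C2_PORT = "103.113.70.99", 2630


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists so a file can be compared
    against all of them at once."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_hashes(data: bytes, iocs: Optional[Dict[str, str]] = None) -> List[str]:
    """Return the names of the digests whose value matches an IOC entry."""
    iocs = IOC_HASHES if iocs is None else iocs
    digests = hash_bytes(data)
    return [name for name, value in digests.items()
            if iocs.get(name, "").lower() == value]


def c2_connections(conn_lines: List[str], host: str = C2_HOST,
                   port: int = C2_PORT) -> List[dict]:
    """Scan tab-separated conn.log records (assumed column order: ts, uid,
    id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) and return the ones
    whose responder is the extracted C2 host:port."""
    hits = []
    for line in conn_lines:
        if not line or line.startswith("#"):      # skip Zeek header lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h == host and resp_p.isdigit() and int(resp_p) == port:
            hits.append({"ts": ts, "uid": uid,
                         "src": f"{orig_h}:{orig_p}", "proto": proto})
    return hits


# Constructed sample log (not real traffic): one benign flow, one to the C2.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1713970000.1\tC1a\t10.0.0.5\t51001\t142.250.80.46\t443\ttcp",
    "1713970012.4\tC2b\t10.0.0.5\t51002\t103.113.70.99\t2630\ttcp",
]

if __name__ == "__main__":
    # Constructed bytes stand in for a file under investigation.
    print("hash matches:", match_hashes(b"not the real sample"))
    for hit in c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

A real deployment would read the file from disk in chunks and pull conn.log from the sensor; the functions are kept input-agnostic so that only the data source changes. Matching on the responder host and port together, rather than the IP alone, keeps the check tied to the endpoint actually extracted from the sample.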
Targets
Target: 0144cf533d52368105cc6e87d946c29a769d5827709ee020bace2b40f8b4cb57
Size: 306KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.