General

Target: bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff
Size: 306KB
Sample: 240424-sh76dscb39
MD5: 45ed77cc49ae0739826a2565a93a87e0
SHA1: 7296df114951adf9d3983db9a8a5841dd192d5f9
SHA256: bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff
SHA512: db7e74d06501c1b4a2902df71e0e87e8bb1164a2e7948132002f39385f5a62bb7bd2e88a9b92765faa252759da1b92ff49bd26fb9742226221f3da8d674d06cf
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task: behavioral1
Sample: bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff.exe
Resource: win10v2004-20240412-en

Malware Config (extracted)
Family: redline
Botnet: spoo
C2: 103.113.70.99:2630
Targets

Target: bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff
Size: 306KB
MD5: 45ed77cc49ae0739826a2565a93a87e0
SHA1: 7296df114951adf9d3983db9a8a5841dd192d5f9
SHA256: bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff
SHA512: db7e74d06501c1b4a2902df71e0e87e8bb1164a2e7948132002f39385f5a62bb7bd2e88a9b92765faa252759da1b92ff49bd26fb9742226221f3da8d674d06cf
SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
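An added example (not code from the Triage report or from the RedLine sample) showing how a defender would use the indicators above: the extracted C2 103.113.70.99:2630 matched against connection-log lines, the Uninstall-key enumeration behaviour turned into a heuristic over registry object-access audit records, and a SHA256 check against the reported hash. The connection-log lines, the process path and the audit records are constructed for illustration; the audit records assume Windows Security event 4663 is being produced by a SACL on HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (inherited by its subkeys) and on the WOW6432Node and HKCU counterparts, and the five-subkey threshold is an assumption, not a figure from the report.

```python
"""Operationalising the report above: (1) match the extracted RedLine C2 against
connection-log lines, (2) flag processes that walk the Uninstall registry key,
(3) check a file against the reported SHA256. Added example; not code from
Triage or from the RedLine sample. Log lines and audit records are constructed."""
import hashlib
import re
from collections import defaultdict

# Indicators taken from the report.
C2_HOST = "103.113.70.99"
C2_PORT = 2630
SAMPLE_SHA256 = "bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff"

# Constructed Zeek conn.log-style lines: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p.
CONN_LOG = """\
1713960001.1\t10.0.0.5\t49811\t142.250.74.78\t443
1713960002.7\t10.0.0.5\t49812\t103.113.70.99\t2630
1713960003.2\t10.0.0.9\t51003\t103.113.70.99\t80
"""


def c2_hits(log_text, host=C2_HOST, port=C2_PORT):
    """Return (exact, host_only): connections to host:port, and to the host on
    other ports. A RedLine config carries one ip:port; traffic to the same IP on
    another port is worth a look but may be unrelated hosting on that address."""
    exact, host_only = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, orig_h, _orig_p, resp_h, resp_p = line.split("\t")
        if resp_h == host:
            (exact if int(resp_p) == port else host_only).append((ts, orig_h))
    return exact, host_only


# Registry reads only reach the Security log (event 4663) when a SACL auditing
# "Query Value" / "Enumerate Subkeys" is set on the Uninstall key; the records
# below are constructed in that event's shape (Process Name, Object Name).
UNINSTALL_RE = re.compile(
    r"^\\REGISTRY\\(?:MACHINE|USER\\[^\\]+)\\SOFTWARE\\(?:WOW6432NODE\\)?"
    r"MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\([^\\]+)",
    re.IGNORECASE,
)
HKLM_UNINSTALL = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# Hypothetical drop path for the sample named in the report.
SAMPLE_PROC = r"C:\Users\victim\AppData\Local\Temp\bd0e553b6aa1c2d20d637133aa20fc089efbea91ba80a9242021c4f2f0a01bff.exe"
AUDIT_EVENTS = [
    {"process": SAMPLE_PROC, "object": HKLM_UNINSTALL + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"},
    {"process": SAMPLE_PROC, "object": HKLM_UNINSTALL + r"\Google Chrome"},
    {"process": SAMPLE_PROC, "object": HKLM_UNINSTALL + r"\7-Zip"},
    {"process": SAMPLE_PROC, "object": HKLM_UNINSTALL + r"\Notepad++"},
    {"process": SAMPLE_PROC, "object": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"},
    {"process": SAMPLE_PROC, "object": r"\REGISTRY\USER\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord"},
    # Benign: an installer touching only its own entry.
    {"process": r"C:\Windows\System32\msiexec.exe", "object": HKLM_UNINSTALL + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"},
    # Unrelated key under CurrentVersion; must not count.
    {"process": SAMPLE_PROC, "object": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]


def uninstall_walkers(events, min_subkeys=5):
    """Map process -> number of distinct Uninstall subkeys it read, keeping only
    processes at or above min_subkeys. The threshold is an assumption: installers
    and updaters read one or two entries, an inventory pass reads them all."""
    seen = defaultdict(set)
    for ev in events:
        m = UNINSTALL_RE.match(ev["object"])
        if m:
            seen[ev["process"]].add(m.group(1).lower())
    return {proc: len(keys) for proc, keys in seen.items() if len(keys) >= min_subkeys}


def matches_sample(data):
    """True if the bytes hash to the SHA256 given in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    print(c2_hits(CONN_LOG))
    print(uninstall_walkers(AUDIT_EVENTS))
```

Sysmon does not record registry reads (its RegistryEvent types cover create, delete, rename and value set), so the Uninstall-key heuristic needs object-access auditing on the key or an ETW registry provider feeding the events; the hash check is only useful for this exact file, since a repacked build of the same RedLine config will hash differently while still beaconing to the same C2.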