General
-
Target
c135dd72f7bdc02a636a075faf98f17f344a381698e8292aa0c11dbe66169f35
-
Size
306KB
-
Sample
240424-shgy7scb4y
-
MD5
cf110b2f2009c9214e237d58687bde66
-
SHA1
4933bb1af9e0112f8daf4fc404441bd4cf6f2b8c
-
SHA256
c135dd72f7bdc02a636a075faf98f17f344a381698e8292aa0c11dbe66169f35
-
SHA512
6fcfb53e21b9de1743fad0fb7ebe801e52aa41834fcbb21fe519ea1c0cbe7bfeb3df2673c4363d97588c57ee3db2e1e236fc1ee5025101d732b030ebd23b0000
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
Behavioral task
behavioral1
Sample
c135dd72f7bdc02a636a075faf98f17f344a381698e8292aa0c11dbe66169f35.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
c135dd72f7bdc02a636a075faf98f17f344a381698e8292aa0c11dbe66169f35.exe
Resource
win11-20240412-en
Malware Config
Extracted
redline
spoo
103.113.70.99:2630
Targets
-
-
Target
c135dd72f7bdc02a636a075faf98f17f344a381698e8292aa0c11dbe66169f35
-
Size
306KB
-
MD5
cf110b2f2009c9214e237d58687bde66
-
SHA1
4933bb1af9e0112f8daf4fc404441bd4cf6f2b8c
-
SHA256
c135dd72f7bdc02a636a075faf98f17f344a381698e8292aa0c11dbe66169f35
-
SHA512
6fcfb53e21b9de1743fad0fb7ebe801e52aa41834fcbb21fe519ea1c0cbe7bfeb3df2673c4363d97588c57ee3db2e1e236fc1ee5025101d732b030ebd23b0000
-
SSDEEP
6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-