General
Target: b489f856fc6221a0d54175e5a8317f16.exe
Size: 425KB
Sample: 210607-s16pdqb16s
MD5: b489f856fc6221a0d54175e5a8317f16
SHA1: 4720dae7e0159f8384c216b385d341d1daed05a3
SHA256: add6e9827625e6d09da7b134b34bfd0bc52d3c2a23e3efdefebd50319899a007
SHA512: ce21ebb45166752fafafc1400a83a7175dbdf505711b44b84c2430121ae60c6f14dd487adb2d4473eda69366195feef165719171cd4b7d3b295a310557c07341
Static task: static1
Behavioral task: behavioral1
  Sample: b489f856fc6221a0d54175e5a8317f16.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: b489f856fc6221a0d54175e5a8317f16.exe
  Resource: win10v20210410
Malware Config
Extracted: redline
SEL5
157.90.251.148:53294
Targets
Target: b489f856fc6221a0d54175e5a8317f16.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext