General
Target: e38539579385c3b9d287ebad39fcb85d8f952f8fd459bd4789d3aa48498b15bc
Size: 4.6MB
Sample: 211021-hyn3caaaa3
MD5: dde802cb5ee205fad7f2f6bc04b546b8
SHA1: 3a41170c27e13179d0c01236a5f4d090b84d3bf5
SHA256: e38539579385c3b9d287ebad39fcb85d8f952f8fd459bd4789d3aa48498b15bc
SHA512: eb95988bf0f3f750cfbb42f804e67a1f1ff907ed6015ee873e27ea1380bd55375b12d7d724308ce667fd15b4d3e58ef8f30482aefb935b24ed7dcc2a18d82549

Static task: static1
Behavioral task: behavioral1
Sample: e38539579385c3b9d287ebad39fcb85d8f952f8fd459bd4789d3aa48498b15bc.exe
Resource: win10-en-20211014

Malware Config
Extracted
Family: redline
Botnet: 2
C2: 135.181.6.55:60846
Targets
Target: e38539579385c3b9d287ebad39fcb85d8f952f8fd459bd4789d3aa48498b15bc (hashes as in General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext