General
- Target: de6cfcbf92e5b6ddd7b18c96a150f85d76cf57d456d3f3277cff4d804e1b8d59
- Size: 5.9MB
- Sample: 211220-echfwsacem
- MD5: 9230bfe605cb9f137e9c7f581473e0e0
- SHA1: a53314a5846cf0ef10ae265c65222635569df125
- SHA256: de6cfcbf92e5b6ddd7b18c96a150f85d76cf57d456d3f3277cff4d804e1b8d59
- SHA512: aefdbea343ad07edd3e93bbe9ba6ba66dd24bebfad1d286c84c729d8edbb52f12c350ea9ab9cb22bee60b1a6cce9d01cc01032914f9c5c8dd15ee36d6afdbdb1
Static task: static1
Behavioral task: behavioral1
- Sample: de6cfcbf92e5b6ddd7b18c96a150f85d76cf57d456d3f3277cff4d804e1b8d59.exe
- Resource: win10-en-20211208
Malware Config
Extracted
- Family: redline
- 444
- C2: 31.131.254.105:1498
Targets
- Target: de6cfcbf92e5b6ddd7b18c96a150f85d76cf57d456d3f3277cff4d804e1b8d59
- Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext