General
-
Target
e2268af5897931648b99818650d06eed.exe
-
Size
846KB
-
Sample
220129-rezt6scca5
-
MD5
e2268af5897931648b99818650d06eed
-
SHA1
0eee1a8c4a06160c01cdd72a9675f77cd441adec
-
SHA256
74768564ea2ac673e57e937f80c895c81d015e99a72544efa5a679d729c46d5f
-
SHA512
e0df61ebd86576eab80637871be622f9fe66ec0a86bb043f2ca93901e4735a4b427a5a50b4d5cfc425863649a1565b383b4478036bf220d0dd72b0641cf44cea
Static task
static1
Behavioral task
behavioral1
Sample
e2268af5897931648b99818650d06eed.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e2268af5897931648b99818650d06eed.exe
Resource
win10-en-20211208
Malware Config
Extracted
redline
CrypTS
91.243.32.69:6941
Targets
-
-
Target
e2268af5897931648b99818650d06eed.exe
-
Size
846KB
-
MD5
e2268af5897931648b99818650d06eed
-
SHA1
0eee1a8c4a06160c01cdd72a9675f77cd441adec
-
SHA256
74768564ea2ac673e57e937f80c895c81d015e99a72544efa5a679d729c46d5f
-
SHA512
e0df61ebd86576eab80637871be622f9fe66ec0a86bb043f2ca93901e4735a4b427a5a50b4d5cfc425863649a1565b383b4478036bf220d0dd72b0641cf44cea
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-