General
Target: 4ecf4dac9966f1cb45a2fa867c3f7e63736b6d377a9f16c9b36696405ce5ce39
Size: 3.6MB
Sample: 220207-s9blhaeba6
MD5: b47f7078ad0d69e7fb52a6a3b8d8e2e1
SHA1: 7024bbf3880f61a8bb00b25c83ed369c2a6cf0d5
SHA256: 4ecf4dac9966f1cb45a2fa867c3f7e63736b6d377a9f16c9b36696405ce5ce39
SHA512: d88954c5f4854025efaff069b9eceea9d800c8ff531461bb70f2105499629df1d4d62e11ec799054ca78a5d9415cf57e34bcc3efc3838f8ead88b3a8b92fdb28
Static task: static1
Behavioral task: behavioral1
Sample: 4ecf4dac9966f1cb45a2fa867c3f7e63736b6d377a9f16c9b36696405ce5ce39.exe
Resource: win10-en-20211208
Malware Config
Extracted
Family: redline
Botnet: install
C2: 46.51.151.97:14313
Targets
Target: 4ecf4dac9966f1cb45a2fa867c3f7e63736b6d377a9f16c9b36696405ce5ce39 (3.6MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload: the RedLine stealer body was identified in the sample, which is what produced the extracted config above.
- Suspicious use of NtCreateProcessExOtherParentProcess: a process was created with a parent other than the calling process (parent PID spoofing), which breaks the parent/child relationships that analysts and EDR process trees rely on.
- Accesses cryptocurrency files/wallets, possible credential harvesting: consistent with RedLine's stealer functionality.
- Suspicious use of SetThreadContext: the context of a thread was rewritten, a step typically used for process hollowing or thread hijacking to execute a payload inside another process.
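As an added example that is not part of the sandbox report or of any tooling it describes: a small Python sweep that takes the file hashes and the extracted C2 endpoint above and runs them over Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records. The log events are constructed for illustration; field names follow Sysmon's Hashes, DestinationIp and DestinationPort. A connection to the C2 host on a different port is reported as a lower-confidence hit rather than ignored, because the port in a single extracted config is not a reliable sole discriminator.

```python
import json
import ipaddress

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "MD5": "b47f7078ad0d69e7fb52a6a3b8d8e2e1",
    "SHA1": "7024bbf3880f61a8bb00b25c83ed369c2a6cf0d5",
    "SHA256": "4ecf4dac9966f1cb45a2fa867c3f7e63736b6d377a9f16c9b36696405ce5ce39",
}
C2_HOST = "46.51.151.97"
C2_PORT = 14313


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'MD5=...,SHA256=...' Hashes string into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev):
    """Return the list of indicator tags an event matches (empty if clean)."""
    hits = []
    if ev.get("EventID") == 1:  # process creation: compare file hashes
        seen = parse_sysmon_hashes(ev.get("Hashes", ""))
        for algo, value in SAMPLE_HASHES.items():
            if seen.get(algo) == value:
                hits.append("hash:" + algo)
    elif ev.get("EventID") == 3:  # network connection: compare destination
        try:
            dst = ipaddress.ip_address(ev.get("DestinationIp", ""))
        except ValueError:
            return hits  # malformed or missing address: nothing to compare
        if str(dst) == C2_HOST:
            try:
                port = int(ev.get("DestinationPort", 0))
            except (TypeError, ValueError):
                port = -1
            # Exact host:port is high confidence; same host on another port
            # is still worth review but is tagged separately.
            hits.append("c2:ip+port" if port == C2_PORT else "c2:ip-only")
    return hits


def sweep(lines):
    """Scan newline-delimited JSON events; return (line_no, image, hits) per match."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the sweep
        hits = match_event(ev)
        if hits:
            findings.append((n, ev.get("Image", "?"), hits))
    return findings


# Constructed sample events (not taken from the report); Sysmon emits
# upper-case hex hashes, which parse_sysmon_hashes normalises.
_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "Hashes": "MD5=B47F7078AD0D69E7FB52A6A3B8D8E2E1,"
               "SHA256=4ECF4DAC9966F1CB45A2FA867C3F7E63736B6D377A9F16C9B36696405CE5CE39"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "DestinationIp": "46.51.151.97", "DestinationPort": "14313"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "46.51.151.97", "DestinationPort": "443"},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
]
SAMPLE_LOG = [json.dumps(e) for e in _EVENTS] + ["<malformed line>"]

if __name__ == "__main__":
    for line_no, image, hits in sweep(SAMPLE_LOG):
        print(f"line {line_no}: {image} -> {', '.join(hits)}")
```

Run against real Sysmon exports (one JSON object per line) in place of SAMPLE_LOG; the hash comparison only fires on Event ID 1 records that carry a Hashes field, so make sure the Sysmon config records at least MD5 or SHA256.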