General
- Target: 62434278.exe
- Size: 4.0MB
- Sample: 220323-fcvlwsfdd2
- MD5: a9dcb01f21ef3159226eb0c179d26767
- SHA1: 31606eecdbb999c83908e3ac9cb3b64c43923992
- SHA256: 7dd0e4164bf63cdd163874c0f58e165362de6f109c2d750150c877f3018108c2
- SHA512: 5c7a4a6846514dd8eb3498d89a9d28519c6220654670c02e18aec2a6c28ad64db338c1a202052bb83c3f3d221c2ec2b713bd59705d35efaec21e7e331e9f4919
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 62434278.exe
  - Resource: win7-20220311-en

Behavioral task
- behavioral2
  - Sample: 62434278.exe
  - Resource: win10v2004-20220310-en
Malware Config
Extracted
- redline
- @JABKA9983
- 92.255.85.137:41320
- auth_value: 507a0c408947972b94cf44475f601269
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext