General
- Target: d5d5ca5658c39e952c0b8a8c8d9a4a80.exe
- Size: 1.8MB
- Sample: 220424-rt5c7sdghn
- MD5: d5d5ca5658c39e952c0b8a8c8d9a4a80
- SHA1: 5cafaab50da1685258e06c5d26c270ec8fa7386a
- SHA256: 5ae97fd297925c21665861de9f6f6d2bc0264348ea586d4f45a9c4840445950e
- SHA512: 1f5c46fb50446ac459ec8b189344fe94210afd049f4bf8f3f87dfa061872028b50f799e93f83c6739f7a76f2854624267c1bbb055c5918c695cef669c26d84b3
Static task: static1

Behavioral task: behavioral1
- Sample: d5d5ca5658c39e952c0b8a8c8d9a4a80.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: d5d5ca5658c39e952c0b8a8c8d9a4a80.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- redline
- @ansdvsvsvd
- 46.8.220.88:65531
- auth_value: d7b874c6650abbcb219b4f56f4676fee
Targets
- Target: d5d5ca5658c39e952c0b8a8c8d9a4a80.exe
- Size: 1.8MB
- MD5: d5d5ca5658c39e952c0b8a8c8d9a4a80
- SHA1: 5cafaab50da1685258e06c5d26c270ec8fa7386a
- SHA256: 5ae97fd297925c21665861de9f6f6d2bc0264348ea586d4f45a9c4840445950e
- SHA512: 1f5c46fb50446ac459ec8b189344fe94210afd049f4bf8f3f87dfa061872028b50f799e93f83c6739f7a76f2854624267c1bbb055c5918c695cef669c26d84b3

Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext