General
-
Target
5d4cd0ca70d224e17ba7f0c1a0a64cd68505d8ac10ffc23d96fba3ae166c60c8
-
Size
1.8MB
-
Sample
220502-lzcx9agef2
-
MD5
ff791e2212ce12a8e334ce553857eb89
-
SHA1
1d76dc8f24fe839b8938a6c84fa55dfabaa10e39
-
SHA256
5d4cd0ca70d224e17ba7f0c1a0a64cd68505d8ac10ffc23d96fba3ae166c60c8
-
SHA512
559407e2d66ae8f5741fb38527b2f5ee98deaf13054226ca43f6bf00bb40380c8c8d5fc6a64d5640b7d72dc52a727ca3e6f5f71422147e63b1214a5193e15295
Static task
static1
Behavioral task
behavioral1
Sample
5d4cd0ca70d224e17ba7f0c1a0a64cd68505d8ac10ffc23d96fba3ae166c60c8.exe
Resource
win10-20220414-en
Malware Config
Extracted
redline
@ansdvsvsvd
46.8.220.88:65531
-
auth_value
d7b874c6650abbcb219b4f56f4676fee
Targets
-
-
Target
5d4cd0ca70d224e17ba7f0c1a0a64cd68505d8ac10ffc23d96fba3ae166c60c8
-
Size
1.8MB
-
MD5
ff791e2212ce12a8e334ce553857eb89
-
SHA1
1d76dc8f24fe839b8938a6c84fa55dfabaa10e39
-
SHA256
5d4cd0ca70d224e17ba7f0c1a0a64cd68505d8ac10ffc23d96fba3ae166c60c8
-
SHA512
559407e2d66ae8f5741fb38527b2f5ee98deaf13054226ca43f6bf00bb40380c8c8d5fc6a64d5640b7d72dc52a727ca3e6f5f71422147e63b1214a5193e15295
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-