General
- Target: af2dab1bfcfa3260e86e21bf6e772b54.exe
- Size: 1.8MB
- Sample: 220506-c1ad3shbg7
- MD5: af2dab1bfcfa3260e86e21bf6e772b54
- SHA1: 8a0793551dd3d3e19f991aac2c77c1d50852bdfa
- SHA256: 5f6abb45e898b5fa648c3ce4e8d291b98ed0c84fa6597952ddfd35e4d7c2c6f2
- SHA512: 7d05ccff7ca242c7fc350430ae0cfec5d6d6a9fde58d5986f5d4859bce1ef99dd4b1f7d0f595e3429624d996ddcf24f58e1ca340991648ae172f6d3e5ecb18cb
Static task
- static1

Behavioral task
- behavioral1
- Sample: af2dab1bfcfa3260e86e21bf6e772b54.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: af2dab1bfcfa3260e86e21bf6e772b54.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: redline
- Botnet: @tropilite88
- C2: 89.22.232.155:38457
- auth_value: 3df336b723fa0e1408bf216b4c58fbbd
Targets
- Target: af2dab1bfcfa3260e86e21bf6e772b54.exe
- Size: 1.8MB
- MD5, SHA1, SHA256, SHA512: as listed under General
- Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext