General
Target: fbc6dcddde1fa8598a4c10a72e389863.exe
Size: 540KB
Sample: 220520-wnk5labdg2
MD5: fbc6dcddde1fa8598a4c10a72e389863
SHA1: 3a50f272f77bb601870b7c25c1bed7ffc9ea7a90
SHA256: 3160f8d7ba9b3b64ba2ee22b70e1bb3521c84278d89d30dde7354fb56f20c1d3
SHA512: 0cd4966c0d2d19a3a60eda7a403776ccbe335491c4ccb35270991ed2188b8d3f6fbec9ea82b8d64963ac4eef58b8c2e7e05eb0b0406dac9a866dcab0501c448d
Static task: static1
Behavioral task: behavioral1
Sample: fbc6dcddde1fa8598a4c10a72e389863.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: fbc6dcddde1fa8598a4c10a72e389863.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: redline
Botnet: ruz
C2: 91.211.251.186:41933
auth_value: b5178f81ea8830c13e88c402dccf09f0
Targets
Target: fbc6dcddde1fa8598a4c10a72e389863.exe
Size: 540KB (MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting (consistent with RedLine's stealer behaviour)
Suspicious use of SetThreadContext (an API commonly used for process injection and process hollowing, where the thread of a suspended process is redirected to injected code)
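The report above yields two kinds of indicators: the file digests under General, and the RedLine C2 endpoint from the extracted config. The following is an added example, not part of the sandbox report, showing how a responder would operationalise them: one function hashes a file's bytes and compares against the reported digests, another scans log lines for the reported hashes and for connections to the C2. The log lines are constructed here for illustration; the IOC values are copied from the report.

```python
"""Check a file and some logs against the IOCs from this RedLine report.

Added example (not part of the sandbox report). IOC values come from the
report; the log lines below are constructed for illustration.
"""
import hashlib
import re

# Digests from the General section of the report (lowercase hex).
REPORT_HASHES = {
    "md5": "fbc6dcddde1fa8598a4c10a72e389863",
    "sha1": "3a50f272f77bb601870b7c25c1bed7ffc9ea7a90",
    "sha256": "3160f8d7ba9b3b64ba2ee22b70e1bb3521c84278d89d30dde7354fb56f20c1d3",
    "sha512": "0cd4966c0d2d19a3a60eda7a403776ccbe335491c4ccb35270991ed2188b8d3f"
              "6fbec9ea82b8d64963ac4eef58b8c2e7e05eb0b0406dac9a866dcab0501c448d",
}

# C2 from the extracted RedLine config (botnet "ruz").
REDLINE_C2 = ("91.211.251.186", 41933)


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(digests: dict) -> bool:
    """True when any digest equals the reported one (case-insensitive hex)."""
    return any(digests.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


# Hex runs of the four digest lengths, longest first so a SHA-512 is not
# split into shorter matches; \b keeps us from matching inside longer tokens.
_HEX = re.compile(r"\b(?:[0-9a-f]{128}|[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b")
# ip:port tokens; comparing as a (ip, port) tuple avoids substring false
# positives such as 91.211.251.1 matching 91.211.251.186.
_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def scan_iocs(log_text: str) -> list:
    """Return (line_number, kind, value) for every IOC hit in the log text."""
    hits = []
    known = set(REPORT_HASHES.values())
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.lower()  # EDR tools often emit uppercase hex
        for h in _HEX.findall(line):
            if h in known:
                hits.append((n, "hash", h))
        for ip, port in _ENDPOINT.findall(line):
            if (ip, int(port)) == REDLINE_C2:
                hits.append((n, "c2", f"{ip}:{port}"))
    return hits


# Constructed sample log: one process-creation event carrying the sample's
# hashes, one connection to the C2, one benign connection to a neighbouring
# address, and one unrelated process-creation event.
SAMPLE_LOG = """\
2022-05-20T10:01:02Z sysmon EventID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe Hashes=MD5=FBC6DCDDDE1FA8598A4C10A72E389863,SHA256=3160F8D7BA9B3B64BA2EE22B70E1BB3521C84278D89D30DDE7354FB56F20C1D3
2022-05-20T10:01:05Z fw ALLOW TCP 10.0.0.5:50123 -> 91.211.251.186:41933
2022-05-20T10:01:06Z fw ALLOW TCP 10.0.0.5:50124 -> 91.211.251.1:443
2022-05-20T10:02:00Z sysmon EventID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for hit in scan_iocs(SAMPLE_LOG):
        print(hit)
    # To check a file on disk:
    #   with open(path, "rb") as f: print(matches_report(hashes_of(f.read())))
```

Hash matching only catches this exact build; the C2 endpoint and the botnet/auth_value pair from the config are the indicators that carry across repacked samples of the same campaign, so they are the better candidates for network and memory-based detection.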