General
Target: RedLine_noOVL.exe
Size: 264KB
Sample: 220603-ej24wagbe5
MD5: 88deb557aef2657a31dbb3d6b1281b38
SHA1: 7fdca9956efd3c3d7a322d533a20518fa8ac27e8
SHA256: 0197e17c47c6b23f902838ce1482b878b9693d299e451b18b716a30d637c1756
SHA512: 4a7a35f99c7dfa7499360d1118fb74e25cee7d07a29b035f025009e39238b4f4238951c7ac3d0aebb7fb54a02e6c7247d726f594a9b0d7bcb5781fe7c0e2b725
Static task: static1
Behavioral task: behavioral1
  Sample: RedLine_noOVL.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: RedLine_noOVL.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
  meta1
  168.119.106.211:64746
  auth_value: c58c58849e734196e515b3cd2acd1ae6
Targets
Target: RedLine_noOVL.exe
Size: 264KB
MD5: 88deb557aef2657a31dbb3d6b1281b38
SHA1: 7fdca9956efd3c3d7a322d533a20518fa8ac27e8
SHA256: 0197e17c47c6b23f902838ce1482b878b9693d299e451b18b716a30d637c1756
SHA512: 4a7a35f99c7dfa7499360d1118fb74e25cee7d07a29b035f025009e39238b4f4238951c7ac3d0aebb7fb54a02e6c7247d726f594a9b0d7bcb5781fe7c0e2b725
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext