General
Target: Setup.exe
Size: 669KB
Sample: 220611-vjftmsgfhq
MD5: b4878dcbd908cfa8f8713306819eb8e2
SHA1: f839f0f49b287fca721caa2af639f3ecaf445c79
SHA256: d0925c242a852d0d535a949e3142c2b775982f61ae1079cc7ae86e2a5abcfb8b
SHA512: 15e105cb88e95a58aa630a4874d2ae1d3b7de41d01e9653e457cb0786e8b03908b4702d9af38d895a9d36298a5da6932143735a4a1935a82dc7263e633f66e6d
Static task: static1
Behavioral task: behavioral1
  Sample: Setup.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Setup.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
- 76
- 139.99.32.83:43199
- auth_value: 44d461325298129ed3c705440f57962c
Targets
Target: Setup.exe
Size: 669KB
MD5: b4878dcbd908cfa8f8713306819eb8e2
SHA1: f839f0f49b287fca721caa2af639f3ecaf445c79
SHA256: d0925c242a852d0d535a949e3142c2b775982f61ae1079cc7ae86e2a5abcfb8b
SHA512: 15e105cb88e95a58aa630a4874d2ae1d3b7de41d01e9653e457cb0786e8b03908b4702d9af38d895a9d36298a5da6932143735a4a1935a82dc7263e633f66e6d
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext