General

Target: Installer.exe
Size: 586.3MB
Sample: 220615-pbghbaefdq
MD5: 56cae4e535bb14d5b699a1f3b3a372f0
SHA1: 8e085dc03bc975c10ebe2076962c17f8bd369e98
SHA256: f919ca0a5c6bff30ebed640b411b8a1a73350497fdd6087e1a24f7d9648724bf
SHA512: 37e9233427fd3c990d637e406c58430319d6c6d10798ebdff25e81dccca32e5620e6dca44937adea7263888562e02c2488f04e2578e4b70bdf08a4b8053ba6fd
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: Installer.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: Installer.exe, Resource: win10v2004-20220414-en)
Malware Config

Extracted family: redline
Botnet: 777
C2: 89.22.227.140:31288
auth_value: e42115cf07e73321acdde5e388b0aef9
Targets

Target: Installer.exe (586.3MB; same file and hashes as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext