General
Target: __1000.png.exe.vir
Size: 1.2MB
Sample: 220619-ze9y5sbgdp
MD5: 926ee43e282b9774b710501c4fff41c7
SHA1: 4d8ebd4ac62c70e0e42d17b62a3051c686ece7df
SHA256: 3b38378d0b57fc75646c350f286d53ad0d7a15ebd4d103374e2e2301758ab442
SHA512: 9f338257255e53dc215fba6845af5a3cac39028be945481c514dd3393783a2be5f0d858ddbfba7b5716c8d62cf97870beaf467313db859ce93c601ae56c85257
Static task: static1
Behavioral task: behavioral1
  Sample: __1000.png.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: __1000.png.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
redline
2
45.142.122.179:36803
auth_value: 8b4fd9f885203719dec0ceda822a4ec3
Targets
Target: __1000.png.exe.vir
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext