General
Target: 534434
Size: 708KB
Sample: 220701-ey47sadfc7
MD5: ce451256b074a65ab1495475771c5dbf
SHA1: 1e8ecd663ee201b77bc30eb411d82527ae798b59
SHA256: 505683f2952ae133278ba5ccbff80fb0375b381dedda09a630c6b7f9e0cf8b78
SHA512: b804b24426860cd6ff409ee70b4af546a48bae311865c2ef18ca134b7acaad5e1216602a4fc48168a2b9461a75f3b082428b3a323b2e409df784df5010f09a21
Static task: static1
Behavioral task: behavioral1
Sample: 534434.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 534434.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
build
85.208.184.106:14431
Targets
Target: 534434 (size and hashes as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine Payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext