General
Target: 16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261
Size: 1.6MB
Sample: 220705-17f27sfee7
MD5: 172b15079b00399010648f9474f8e0b6
SHA1: 931da4fc406d9242a298e86fb818eed29bff8047
SHA256: 16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261
SHA512: 8e0912393441a0e5863b5097943de3d099d2b3f3f32c1425a524fe2c5f61caffe3887f7c9c14fb9b0cdded5357174001dc3307c817c80a6a4566715a588874e8
Static task: static1
Behavioral task: behavioral1
  Sample: 16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 16c297a32f4883adf8de4d8d3d2ef4ca3714fa09260065a0ae6fb76a08f27261.exe
  Resource: win10-20220414-en
Malware Config
Extracted: redline
SUBZERO
185.215.113.217:19618
auth_value: 019ff2a82025cde517e4466362191205
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext