General
Target: 980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
Size: 2.4MB
Sample: 220705-3jqmvaecfp
MD5: 57201fbd801fd4c98772aa34d60a44ce
SHA1: f54e549937f92c9fd68d537105e007e799549374
SHA256: 980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
SHA512: 851f6d6241af1765b0894a0f4b33e1f83f538d21bd19feb3fc5b07a37167387f816ba44dc02ed0192c1bb9fdffb42d7d525ebcddebb65a1e891cfeb9d2a036e2
Static task: static1
Behavioral task: behavioral1
Sample: 980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172.exe
Resource: win10-20220414-en
Malware Config
Extracted family: redline
C2: 141.95.140.173:33470
auth_value: 6d9508e5573e656e0dc3c4c5f8526d8e
Targets
Target: 980735eeb5ec92f91ab59a448a925925369292204d70c0d88db028265e1b8172
Size, MD5, SHA1, SHA256 and SHA512: identical to the values listed under General above.
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext