General

Target: Setup.exe
Size: 2.4MB
Sample: 220705-xn7h9scacn
MD5: c9b79e63143ac743664bdbf3065d5611
SHA1: f86b7bf311a24bc380ceb1a53a9abf21d27c660b
SHA256: 474a43af09858dc6fcc25e94a1bac0cf4cf6ae55ae0903f412480ff3d134083d
SHA512: 24846d99de6efc6597e811abcf928ee8dc5e641185b110e7f2a18f5818e3dee5d934203aac0f3dd05f7d9a364bdaf0a09a7cc4d7957d94a728d95f93d874ffda
Static task: static1

Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Setup.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted
Family: redline
Botnet: easyv14
C2: 135.181.81.197:28959
auth_value: 469f9d12a65c559c10a9629a287f5ba6
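As an added example (not part of the sandbox report or its tooling), the digests and the extracted C2 above turned into offline checks a responder would run: sanity-check the copied digests, verify whether a file on disk is the reported sample, and sweep firewall-style log lines for traffic to the C2. The log format and the lines in SAMPLE_LOG are constructed for this example; only the hashes, host and port come from the report.

```python
"""IOC checks derived from the sandbox report above (added example, not
part of the report).  Digests and C2 are copied from the report; the log
format and the SAMPLE_LOG lines are constructed for this example."""
from __future__ import annotations

import hashlib
import re

# Digests of Setup.exe exactly as listed in the report.
REPORT_HASHES = {
    "md5": "c9b79e63143ac743664bdbf3065d5611",
    "sha1": "f86b7bf311a24bc380ceb1a53a9abf21d27c660b",
    "sha256": "474a43af09858dc6fcc25e94a1bac0cf4cf6ae55ae0903f412480ff3d134083d",
    "sha512": "24846d99de6efc6597e811abcf928ee8dc5e641185b110e7f2a18f5818e3dee5"
              "d934203aac0f3dd05f7d9a364bdaf0a09a7cc4d7957d94a728d95f93d874ffda",
}
# RedLine C2 from the extracted config.
C2_HOST = "135.181.81.197"
C2_PORT = 28959

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_hashes_look_valid() -> bool:
    """Guard against copy/paste damage: every digest must be lowercase hex
    of the length its algorithm produces."""
    return all(
        len(v) == HEX_LEN[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
        for k, v in REPORT_HASHES.items()
    )


def digests(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all four digests agree; a single mismatch means this
    is not the sample the report describes (or the report was altered)."""
    computed = digests(data)
    return all(computed[k] == v for k, v in REPORT_HASHES.items())


# Constructed firewall-style log lines for the example; 203.0.113.0/24 is the
# RFC 5737 documentation range, used here as harmless filler traffic.
SAMPLE_LOG = """\
2022-07-05T10:12:01Z src=10.0.0.5 dst=203.0.113.10 dport=443 proto=tcp action=allow
2022-07-05T10:12:07Z src=10.0.0.5 dst=135.181.81.197 dport=28959 proto=tcp action=allow
2022-07-05T10:12:09Z src=10.0.0.7 dst=135.181.81.197 dport=80 proto=tcp action=allow
2022-07-05T10:12:11Z src=10.0.0.9 dst=203.0.113.53 dport=53 proto=udp action=allow
"""

LOG_RE = re.compile(r"dst=(?P<dst>[0-9.]+)\s+dport=(?P<dport>\d+)")


def find_c2_hits(log_text: str) -> list[tuple[str, str]]:
    """Return (line, confidence) for every line whose destination is the C2.

    Host+port from the config is a high-confidence hit; the host on another
    port is still worth a look (same operator infrastructure), so it is
    reported at medium confidence rather than dropped."""
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m is None or m["dst"] != C2_HOST:
            continue
        confidence = "high" if int(m["dport"]) == C2_PORT else "medium"
        hits.append((line, confidence))
    return hits


if __name__ == "__main__":
    import sys

    assert report_hashes_look_valid(), "report digests are malformed"
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matches report:", matches_report(fh.read()))
    for line, confidence in find_c2_hits(SAMPLE_LOG):
        print(f"[{confidence}] {line}")
```

Run it with a path argument to compare a quarantined file against the report's digests; without one it only sweeps the constructed log. A hit on the host but a different port is deliberately kept at medium confidence rather than discarded, since the report pins only one port and the same host may serve other panels or campaigns.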
Targets

Target: Setup.exe
Size: 2.4MB
MD5: c9b79e63143ac743664bdbf3065d5611
SHA1: f86b7bf311a24bc380ceb1a53a9abf21d27c660b
SHA256: 474a43af09858dc6fcc25e94a1bac0cf4cf6ae55ae0903f412480ff3d134083d
SHA512: 24846d99de6efc6597e811abcf928ee8dc5e641185b110e7f2a18f5818e3dee5d934203aac0f3dd05f7d9a364bdaf0a09a7cc4d7957d94a728d95f93d874ffda
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext (a pattern typical of process hollowing, where a loader resumes a suspended process with its thread context pointed at injected code)