General
- Target: 6f47a63c27a7b43f0e02519f48775a6c4ea7ecaa3100a9aced76818886551944
- Size: 1.6MB
- Sample: 220706-17tcjacaa7
- MD5: 08368d481bb00407dd744349ce9653a7
- SHA1: cf1210eca1029d0eb9f9fb792619ad57bbdb0180
- SHA256: 6f47a63c27a7b43f0e02519f48775a6c4ea7ecaa3100a9aced76818886551944
- SHA512: 51971b4d8887a0391f6256c85051665a3ae7dd944c7bc4485959b36498f8e3f2ac401eccd2954f6a20b3ffb827406d554499b28a64f525fa7324dd65f9dd5e77
Static task: static1
Behavioral task: behavioral1
- Sample: 6f47a63c27a7b43f0e02519f48775a6c4ea7ecaa3100a9aced76818886551944.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 6f47a63c27a7b43f0e02519f48775a6c4ea7ecaa3100a9aced76818886551944.exe
- Resource: win10-20220414-en
Malware Config (extracted)
- Family: redline
- Botnet ID: SUBZERO
- C2 (IP:port): 185.215.113.217:19618
- auth_value: 019ff2a82025cde517e4466362191205
Targets
- Target: 6f47a63c27a7b43f0e02519f48775a6c4ea7ecaa3100a9aced76818886551944
- Size: 1.6MB
- MD5: 08368d481bb00407dd744349ce9653a7
- SHA1: cf1210eca1029d0eb9f9fb792619ad57bbdb0180
- SHA256: 6f47a63c27a7b43f0e02519f48775a6c4ea7ecaa3100a9aced76818886551944
- SHA512: 51971b4d8887a0391f6256c85051665a3ae7dd944c7bc4485959b36498f8e3f2ac401eccd2954f6a20b3ffb827406d554499b28a64f525fa7324dd65f9dd5e77
- Score: 10/10
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext