General
Target: 3a3c096118818ef28420da1a07e93fd8664528d7d2d217334b8fb4fbb5f8ffa5
Size: 2.4MB
Sample: 220706-q4l4yafdg5
MD5: e4f8eb7e01eb50044323a07cbe4314fa
SHA1: 5f81b0be101ff7d8e5eecfe6f1c33a963fcf4930
SHA256: 3a3c096118818ef28420da1a07e93fd8664528d7d2d217334b8fb4fbb5f8ffa5
SHA512: e96d0574f614c9d10c06e5229b9795fe76dbf0d568876742b053e924bd240ec3c93695bbcffba7a81cc123af9ae7c5bd3f6b21aec0af983a46d6149f9464e6ce
Static task: static1
Behavioral task: behavioral1
Sample: 3a3c096118818ef28420da1a07e93fd8664528d7d2d217334b8fb4fbb5f8ffa5.exe
Resource: win10-20220414-en
Malware Config
Extracted: redline
141.95.140.173:33470
auth_value: 6d9508e5573e656e0dc3c4c5f8526d8e
Targets
Target: 3a3c096118818ef28420da1a07e93fd8664528d7d2d217334b8fb4fbb5f8ffa5
Size: 2.4MB
MD5: e4f8eb7e01eb50044323a07cbe4314fa
SHA1: 5f81b0be101ff7d8e5eecfe6f1c33a963fcf4930
SHA256: 3a3c096118818ef28420da1a07e93fd8664528d7d2d217334b8fb4fbb5f8ffa5
SHA512: e96d0574f614c9d10c06e5229b9795fe76dbf0d568876742b053e924bd240ec3c93695bbcffba7a81cc123af9ae7c5bd3f6b21aec0af983a46d6149f9464e6ce
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext