General
Target: 02b6456358245fc043c25fa3979fda5f
Size: 309KB
Sample: 220707-f9gfjadggm
MD5: 02b6456358245fc043c25fa3979fda5f
SHA1: caea517ae65d5b8ca6710639da8ca459917f9e80
SHA256: fbc6f264adc7ddcddbcf04b7f3eb6781fb4787a7b45d6d46f8c6d4c12f32728a
SHA512: 2ae6c601e72ab2c849d9e6a69fbfcd54a2e036a5a962c04c88dcd39aefc64e3f3f694729fe36e203852388260d78bb0b529f4ff11c97a5790396897c7875e7c7
Static task: static1

Behavioral task: behavioral1
Sample: Quote.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Quote.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
brain
45.133.174.85:16428
Targets
Target: Quote.exe
Size: 529KB
MD5: 8522edb3ecbd62f22edad41e0e88f065
SHA1: 405c760447a7eb8974903b755d92cd96863baf03
SHA256: 87f8b3c65966cea692dffcafcb016706fa1bfcdfb5737b1d09a08e9455e7a99a
SHA512: 2f17456c3758e8da623410ba6c77bad359659ace69355d52926070c028fb6afea13eff7b2c521682d753cafb4ef76b5e0d39609b2937c28c8f1c078ea962df6b
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext