General
Target: 93b5fa6fdf4b982c8161b242da80e59b.exe
Size: 2.5MB
Sample: 220713-dpmeyahdar
MD5: 93b5fa6fdf4b982c8161b242da80e59b
SHA1: c67f2268e8678b6cc837e8eab120d0da898edaa7
SHA256: 0ed0194085bd8a4199c2dd7f856f34af5d7e51b7f5a4aac7ce2b29d260acc116
SHA512: 6cf3575f85c8e2699d8af487a03d71ae7b95f677bf637b77523cd9df53923d98f714419e2808953f340f9166099ef25866b3fc3d3a62321658c72d869d521cdc
Static task: static1

Behavioral task: behavioral1
  Sample: 93b5fa6fdf4b982c8161b242da80e59b.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: 93b5fa6fdf4b982c8161b242da80e59b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Family: redline
  Botnet: ruz
  C2: 185.106.92.128:16976
  auth_value: b5178f81ea8830c13e88c402dccf09f0
Targets
Target: 93b5fa6fdf4b982c8161b242da80e59b.exe
Size: 2.5MB
MD5: 93b5fa6fdf4b982c8161b242da80e59b
SHA1: c67f2268e8678b6cc837e8eab120d0da898edaa7
SHA256: 0ed0194085bd8a4199c2dd7f856f34af5d7e51b7f5a4aac7ce2b29d260acc116
SHA512: 6cf3575f85c8e2699d8af487a03d71ae7b95f677bf637b77523cd9df53923d98f714419e2808953f340f9166099ef25866b3fc3d3a62321658c72d869d521cdc
Score: 10/10

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext