General
Target: build.exe
Size: 749KB
Sample: 220724-mezf7acfbj
MD5: 74d576ac5cece8a26c6f8b4d680b92ac
SHA1: d3b548dd7768df2c1bf4bd210db836a1de177c5a
SHA256: ebb1e9350348d5a786c7449edb946df5a7061f75bab0fd49a2a7ca31198d0e30
SHA512: bc679bd4897a3583ad9444c6c5072893c07ad835bf2a89cf1c61426b65eee3c48677977ab34b4950bdc136829b97a860dfb70ececd97f800d41b2efb304c1ef8
Static task: static1
Behavioral task: behavioral1
  Sample: build.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: build.exe
  Resource: win10v2004-20220722-en
Malware Config
Extracted: redline
  build
  C2: 85.208.184.106:14431
Targets
Target: build.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext