General
Target: 35c49be50ee812f67d0dfec60a4a33f5.exe
Size: 2.5MB
Sample: 220725-pawkvahgc9
MD5: 35c49be50ee812f67d0dfec60a4a33f5
SHA1: d35d414efae9769034d85e38bad1ef83807e4f9d
SHA256: e602e5bd357eeadbc88332bf07d9809672de342869822b38e4025c1246c62308
SHA512: b3f36084ca40ae6c28768aba0928c99bb3322c09ccc70d2c023230769c5b31810a5061b41f4339bf51079e250d34e86188ea0d93d6328da65775558630cb3e7b
Static task: static1
Behavioral task: behavioral1
Sample: 35c49be50ee812f67d0dfec60a4a33f5.exe
Resource (analysis VM image): win7-20220715-en
Behavioral task: behavioral2
Sample: 35c49be50ee812f67d0dfec60a4a33f5.exe
Resource (analysis VM image): win10v2004-20220722-en
Malware Config
Extracted family: redline
Botnet: 30
C2: 46.18.107.151:28631
auth_value: d51779b1aa0d36e9f23fbe5d548aa322
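The hashes and the extracted C2/auth_value above are the report's actionable indicators. The following is an added example (not part of the sandbox report or of any RedLine tooling) showing how a responder would turn them into a hunt: the IOC constants are copied from the report, while the Zeek-style conn.log excerpt, the file bytes and the field layout are constructed for the demo and are assumptions about the reader's log format.

```python
"""Hunt for the indicators from this report in constructed host and network data.

Added example, not part of the sandbox report. The hash, C2 and auth_value
constants are copied from the report; the log lines, file bytes and the
tab-separated field layout are constructed for the demo.
"""
import hashlib

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "35c49be50ee812f67d0dfec60a4a33f5",
    "sha1": "d35d414efae9769034d85e38bad1ef83807e4f9d",
    "sha256": "e602e5bd357eeadbc88332bf07d9809672de342869822b38e4025c1246c62308",
}
C2_HOST = "46.18.107.151"
C2_PORT = 28631
AUTH_VALUE = b"d51779b1aa0d36e9f23fbe5d548aa322"

# Constructed Zeek-style conn.log excerpt (assumed column order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
CONN_LOG = """\
1658749200.1\tCabc1\t10.0.0.15\t49812\t46.18.107.151\t28631\ttcp
1658749260.4\tCabc2\t10.0.0.15\t49813\t46.18.107.151\t443\ttcp
1658749300.9\tCabc3\t10.0.0.22\t51000\t93.184.216.34\t443\ttcp
"""


def file_digests(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(digests: dict) -> list:
    """Which algorithms in `digests` match the reported sample (case-insensitive)."""
    return sorted(a for a, h in IOC_HASHES.items() if digests.get(a, "").lower() == h)


def scan_conn_log(text: str) -> list:
    """Flag every connection to the C2 host.

    exact=True when the destination port also matches the config. A different
    port is still reported: hunting assumption that the host is the stable part
    of the indicator and the port may be rotated by the operator.
    """
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 6 or f[4] != C2_HOST:
            continue
        port = int(f[5])
        hits.append({"ts": f[0], "src": f[2], "dst_port": port,
                     "exact": port == C2_PORT})
    return hits


def contains_auth_value(payload: bytes) -> bool:
    """True if the configured auth_value occurs in a captured payload.

    Assumption: the value is visible in clear text in the capture; if the
    transport is encrypted this will not match and the host/port check above
    is the fallback.
    """
    return AUTH_VALUE in payload.lower()


if __name__ == "__main__":
    print(scan_conn_log(CONN_LOG))
    print(matching_hashes(file_digests(b"not the sample")))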
Targets
Target: 35c49be50ee812f67d0dfec60a4a33f5.exe
Size: 2.5MB
MD5 / SHA1 / SHA256 / SHA512: same file as in the General section above
Score: 10/10
RedLine
RedLine Stealer is a .NET information stealer written in C#, first seen in early 2020 and sold as malware-as-a-service; it harvests browser credentials and cookies, cryptocurrency wallet files and system information and reports them to the C2 in the extracted config.
Signatures:
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (commonly used for process hollowing or thread hijacking, so the stealer is likely unpacked and injected into another process rather than running directly from the 2.5MB file)