General
-
Target
a96950e973081e1145547d3c5bcac94f.exe
-
Size
2.5MB
-
Sample
220731-q5s9mshagp
-
MD5
a96950e973081e1145547d3c5bcac94f
-
SHA1
3d72c767397db4498a4ab7cda505f8a1fcc7ba4b
-
SHA256
2ee10299431f2d13208b63912ca6482751c013dc18f0b9245562d758a62af912
-
SHA512
c824a162d019b0c272c14b3bfa5cc75d8ca8662025c36358194f84163b95f95b5263b64da5c7e1e942d395a438f3d1d8843319f479d9f7a99cf190d7114ee03a
Static task
static1
Behavioral task
behavioral1
Sample
a96950e973081e1145547d3c5bcac94f.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
a96950e973081e1145547d3c5bcac94f.exe
Resource
win10v2004-20220722-en
Malware Config
Extracted
redline
top1
pemararslava.xyz:80
-
auth_value
e3ff30d1ffe0ffdb11211b351a0179a1
Targets
-
-
Target
a96950e973081e1145547d3c5bcac94f.exe
-
Size
2.5MB
-
MD5
a96950e973081e1145547d3c5bcac94f
-
SHA1
3d72c767397db4498a4ab7cda505f8a1fcc7ba4b
-
SHA256
2ee10299431f2d13208b63912ca6482751c013dc18f0b9245562d758a62af912
-
SHA512
c824a162d019b0c272c14b3bfa5cc75d8ca8662025c36358194f84163b95f95b5263b64da5c7e1e942d395a438f3d1d8843319f479d9f7a99cf190d7114ee03a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-