General

Target: Discord.exe
Size: 175KB
Sample: 220810-n3r8fsbgb7
MD5: b276d1d3b95d8c2f813c52031b583aae
SHA1: 7b7d8c4eeb1d0e3b3e95c2bfa5c4e168ae080d21
SHA256: 30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151
SHA512: deeb3f0a54f1714a9636c71a8b070c17deefcb06fd530951cdb121aefef94bdede4a3404ced4bdd4368bc99a7f1438ae175c063ea335ba895dd6cb383cf31f06
Static task
static1

Behavioral task
behavioral1
Sample: Discord.exe
Resource: win7-20220718-en

Behavioral task
behavioral2
Sample: Discord.exe
Resource: win10v2004-20220722-en
Malware Config

Extracted
Family: redline
Botnet: word
C2: 81.19.141.20:31338
auth_value: 3f5c83b2e97fa6c2f6a051fc94b43620
Targets

Target: Discord.exe
Size: 175KB
MD5: b276d1d3b95d8c2f813c52031b583aae
SHA1: 7b7d8c4eeb1d0e3b3e95c2bfa5c4e168ae080d21
SHA256: 30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151
SHA512: deeb3f0a54f1714a9636c71a8b070c17deefcb06fd530951cdb121aefef94bdede4a3404ced4bdd4368bc99a7f1438ae175c063ea335ba895dd6cb383cf31f06
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Uses the VBS compiler for execution

Accesses cryptocurrency files/wallets, possible credential harvesting

Often Ransomware samples write a note containing information on how to pay the ransom.

Suspicious use of SetThreadContext
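As an added example (not part of the sandbox report or its tooling), the Python below turns the indicators above (the file hashes, the extracted C2, and the vbc.exe and SetThreadContext behaviour signatures) into a small detection pass over constructed, Sysmon-style key=value log lines. The log lines are made up for illustration; the reading of "Uses the VBS compiler for execution" as the .NET compiler vbc.exe being started as an injection host, the list of parents allowed to spawn it, and the `ApiCall` event shape are assumptions, not something the report states.

```python
import hashlib
import re
from typing import Optional

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "b276d1d3b95d8c2f813c52031b583aae",
    "sha1": "7b7d8c4eeb1d0e3b3e95c2bfa5c4e168ae080d21",
    "sha256": "30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151",
}
C2 = ("81.19.141.20", 31338)

# Assumption: the "Uses the VBS compiler for execution" signature refers to the
# .NET Visual Basic compiler vbc.exe being started as a host for injected code.
# Parents that legitimately spawn compilers are excluded so builds stay quiet.
BUILD_PARENTS = ("msbuild.exe", "devenv.exe", "csc.exe", "dotnet.exe")


def parse_event(line: str) -> dict:
    """Parse a key=value line; quoted values may contain spaces and '='."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def hash_matches(digest: str) -> Optional[str]:
    """Return the algorithm whose recorded digest equals `digest`, else None."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if d == known:
            return algo
    return None


def file_matches(data: bytes) -> Optional[str]:
    """Hash raw file bytes and compare against the recorded SHA256."""
    return hash_matches(hashlib.sha256(data).hexdigest())


def check_event(ev: dict) -> list:
    """Apply the report-derived rules to one parsed event; return hit labels."""
    hits = []
    kind = ev.get("EventType")
    if kind == "ProcessCreate":
        image = ev.get("Image", "").lower()
        parent = ev.get("ParentImage", "").lower()
        if image.endswith("\\vbc.exe") and not parent.endswith(BUILD_PARENTS):
            hits.append("vbc.exe started outside a build tool (hollowing host)")
        # Sysmon-style Hashes field: "SHA256=...,MD5=..."
        for item in ev.get("Hashes", "").split(","):
            algo, _, digest = item.partition("=")
            if hash_matches(digest):
                hits.append("image hash matches the sample (%s)" % algo.lower())
    elif kind == "NetworkConnect":
        dest = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
        if dest == C2:
            hits.append("connection to the extracted RedLine C2 %s:%d" % C2)
    elif kind == "ApiCall":
        # Constructed event shape for an API trace; SetThreadContext aimed at a
        # thread in another process is what the sandbox signature flags.
        if ev.get("Api") == "SetThreadContext" and ev.get("TargetPid") != ev.get("Pid"):
            hits.append("SetThreadContext on another process's thread")
    return hits


def scan(lines) -> list:
    """Return (pid, hit) pairs for every rule that fires over the given lines."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        findings.extend((ev.get("Pid"), hit) for hit in check_event(ev))
    return findings


# Constructed log lines (not from the report) modelling the reported behaviour,
# plus a benign vbc.exe launched by dotnet and an unrelated HTTPS connection.
SAMPLE_LOGS = [
    "EventType=ProcessCreate Pid=3988 ParentPid=1200 ParentImage=C:\\Windows\\explorer.exe "
    "Image=C:\\Users\\u\\Downloads\\Discord.exe "
    'Hashes="SHA256=30da9c07f704aaf5052ca6f40dd0db10b98221b7d6ebdca493298956260bd151,'
    'MD5=b276d1d3b95d8c2f813c52031b583aae"',
    "EventType=ProcessCreate Pid=4120 ParentPid=3988 ParentImage=C:\\Users\\u\\Downloads\\Discord.exe "
    "Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe "
    'Hashes="SHA256=' + "0" * 64 + '"',
    "EventType=ApiCall Pid=3988 Api=SetThreadContext TargetPid=4120",
    "EventType=NetworkConnect Pid=4120 DestinationIp=81.19.141.20 DestinationPort=31338",
    'EventType=ProcessCreate Pid=5000 ParentPid=4800 ParentImage="C:\\Program Files\\dotnet\\dotnet.exe" '
    "Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe "
    'Hashes="SHA256=' + "1" * 64 + '"',
    "EventType=NetworkConnect Pid=5000 DestinationIp=93.184.216.34 DestinationPort=443",
]

if __name__ == "__main__":
    for pid, hit in scan(SAMPLE_LOGS):
        print(pid, hit)
```

Run against the constructed lines, the rules fire five times: both recorded hashes on the Discord.exe image, the vbc.exe launch under Discord.exe, the cross-process SetThreadContext, and the connection to 81.19.141.20:31338; the dotnet-spawned vbc.exe and the port 443 connection stay silent. The hash rule matches any of the three recorded digests regardless of algorithm, so it also works on tools that log only MD5 or only SHA1.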