General
- Target: B496D857BBBEF7E54FB21211543F3773D0217531F45E5AE8F781A6A2105BD9CE
- Size: 2.5MB
- Sample: 220812-bwfjvshde3
- MD5: 7e14b59e3e02f958d30d433d049ba87f
- SHA1: 56654f6eef3439ee707338b67fdcfffa371dff6c
- SHA256: b496d857bbbef7e54fb21211543f3773d0217531f45e5ae8f781a6a2105bd9ce
- SHA512: f600e6ce13bc5f8f510ff3dfaf7bb565adce02132e411e0aafbfe7284b109a46b7eee6be339b8041fdc1d2f0e64e8280611053394cd0c1f3c9166c9c0141242a
Static task: static1
Behavioral task: behavioral1
- Sample: B496D857BBBEF7E54FB21211543F3773D0217531F45E5AE8F781A6A2105BD9CE.exe
- Resource: win7-20220718-en
Malware Config
Extracted
- Family: redline
- C2: 185.215.113.83:60722
- auth_value: d6602ca99e3633ec2776f94702ca62f2
Targets
- Target: B496D857BBBEF7E54FB21211543F3773D0217531F45E5AE8F781A6A2105BD9CE
- Size: 2.5MB
- MD5: 7e14b59e3e02f958d30d433d049ba87f
- SHA1: 56654f6eef3439ee707338b67fdcfffa371dff6c
- SHA256: b496d857bbbef7e54fb21211543f3773d0217531f45e5ae8f781a6a2105bd9ce
- SHA512: f600e6ce13bc5f8f510ff3dfaf7bb565adce02132e411e0aafbfe7284b109a46b7eee6be339b8041fdc1d2f0e64e8280611053394cd0c1f3c9166c9c0141242a
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext