General
Target: f187b170f2d586038f73311d31f879c574b2a6aef8e41e776a5ba3710484338b
Size: 4.7MB
Sample: 220815-fekvgaedfr
MD5: f4ee53801ab804bfdc50d03daaf50595
SHA1: c9748bca6c56c59280052b89a2d2a69ef348fdfa
SHA256: f187b170f2d586038f73311d31f879c574b2a6aef8e41e776a5ba3710484338b
SHA512: 72ee2ccb2e520f2cd9a54217ba85c1228529cb2ae7e103e0f3892a5910b9b29d54d7b427029bfc624b091b391e88eac906eb9305873972ba89ea1d507ca3ef98
Static task: static1
Behavioral task: behavioral1
Sample: f187b170f2d586038f73311d31f879c574b2a6aef8e41e776a5ba3710484338b.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: redline
Botnet: s32
C2: 185.106.92.56:48079
auth_value: 9ad5135eac94b69fb550f1f6a2c7e142
Targets
Target: f187b170f2d586038f73311d31f879c574b2a6aef8e41e776a5ba3710484338b
Size: 4.7MB
MD5: f4ee53801ab804bfdc50d03daaf50595
SHA1: c9748bca6c56c59280052b89a2d2a69ef348fdfa
SHA256: f187b170f2d586038f73311d31f879c574b2a6aef8e41e776a5ba3710484338b
SHA512: 72ee2ccb2e520f2cd9a54217ba85c1228529cb2ae7e103e0f3892a5910b9b29d54d7b427029bfc624b091b391e88eac906eb9305873972ba89ea1d507ca3ef98
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext