General

Target: a30a6f20ae2f11f3772bc432e2e250a5.exe
Size: 231KB
Sample: 220818-txhdysbhc5
MD5: a30a6f20ae2f11f3772bc432e2e250a5
SHA1: 84339c3be40961ef6d428c121d684a2030af31eb
SHA256: f6d1c706c9d22c238e84f72002021761854f8057efc8aae09e68a31ddeba8dea
SHA512: 3df0aa4fab8d6ec05764c62e8087c9f331a97c2ea96d2fd7382794251bdafaf15e8a071873483fdd1b5ee211e5b1188bde7b8f0f7a5e234730d54d7eb413d690
SSDEEP: 6144:Vc2iJn3wstoZ4FJxYA3aLhMYfdiT2NG/U:VM3wstoZqxYEadMYFNG/U
Static task: static1

Behavioral task: behavioral1
  Sample: a30a6f20ae2f11f3772bc432e2e250a5.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: a30a6f20ae2f11f3772bc432e2e250a5.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted: redline
4
193.233.193.57:80
auth_value: a0a13fc8b3691ebae81390bbce97b2c3
Targets

Target: a30a6f20ae2f11f3772bc432e2e250a5.exe
Size: 231KB
MD5: a30a6f20ae2f11f3772bc432e2e250a5
SHA1: 84339c3be40961ef6d428c121d684a2030af31eb
SHA256: f6d1c706c9d22c238e84f72002021761854f8057efc8aae09e68a31ddeba8dea
SHA512: 3df0aa4fab8d6ec05764c62e8087c9f331a97c2ea96d2fd7382794251bdafaf15e8a071873483fdd1b5ee211e5b1188bde7b8f0f7a5e234730d54d7eb413d690
SSDEEP: 6144:Vc2iJn3wstoZ4FJxYA3aLhMYfdiT2NG/U:VM3wstoZqxYEadMYFNG/U
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext