General

Target: 0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
Size: 139KB
Sample: 220820-16hveabhc7
MD5: cd025972c4df727a0fce903a1209c627
SHA1: cc14e518cafcc81c3c44384c491f1ee7634aef37
SHA256: 0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
SHA512: af2c4ddc79dc98eefa65ccd5aac13918f97fcdb2857b4a344d3ca3e3277579387f13642894a8e561e88c713f3d56965673453e68d7cfb33bbaa9568e2b2dc03d
SSDEEP: 3072:TdVerLRIKM5kjqpoT+LZxmVm0rlAZD623ld354jjvNmu:h+FwkO6+6VLrlcld3mjjB
Static task: static1
Behavioral task: behavioral1
Sample: 0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38.exe
Resource: win7-20220812-en
Malware Config

Extracted: redline
a1
65.21.133.231:47430
auth_value: b7563e1c5afab74eb0301a1cb2907974
Targets

Target: 0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
Size: 139KB
MD5: cd025972c4df727a0fce903a1209c627
SHA1: cc14e518cafcc81c3c44384c491f1ee7634aef37
SHA256: 0ae70b2fd3eb1c5f9db020f03f183863be0a753ba97921152092e7cd4eed4d38
SHA512: af2c4ddc79dc98eefa65ccd5aac13918f97fcdb2857b4a344d3ca3e3277579387f13642894a8e561e88c713f3d56965673453e68d7cfb33bbaa9568e2b2dc03d
SSDEEP: 3072:TdVerLRIKM5kjqpoT+LZxmVm0rlAZD623ld354jjvNmu:h+FwkO6+6VLrlcld3mjjB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext