General
-
Target
file
-
Size
400KB
-
Sample
220822-skk4mshebq
-
MD5
fc71204fcbc5b045fc012e24511eb638
-
SHA1
3bbe58da84cd02356f323fa5be1d433ae4ecd299
-
SHA256
3e3a73aea9495c7411a333fd99b00b2fe476894e7c3ac4486bcd1ca97cfcbfc0
-
SHA512
07c381bde3b1e3863d8d22e6c37208f084e6d41de3d46ccbbfec4e31f857774b2ef055875e947d02a7bff2e60a49515576a1664dc6b0047439424149e04b8c84
-
SSDEEP
6144:dznqQNZgP4N2rJrx3wue4RwfqUKDPi5xo/nYH:NnqQNMte7I/nS
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
nam6.1
103.89.90.61:34589
-
auth_value
b5784d2217d2fd4ce7dab9bdb9fcaa62
Targets
-
-
Target
file
-
Size
400KB
-
MD5
fc71204fcbc5b045fc012e24511eb638
-
SHA1
3bbe58da84cd02356f323fa5be1d433ae4ecd299
-
SHA256
3e3a73aea9495c7411a333fd99b00b2fe476894e7c3ac4486bcd1ca97cfcbfc0
-
SHA512
07c381bde3b1e3863d8d22e6c37208f084e6d41de3d46ccbbfec4e31f857774b2ef055875e947d02a7bff2e60a49515576a1664dc6b0047439424149e04b8c84
-
SSDEEP
6144:dznqQNZgP4N2rJrx3wue4RwfqUKDPi5xo/nYH:NnqQNMte7I/nS
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-