General
Target: 0c35a9ba848af55c69574a6676896167.exe
Size: 1.1MB
Sample: 220827-1ahjrshca9
MD5: 0c35a9ba848af55c69574a6676896167
SHA1: 5f4a15cb4749755d7b3e0c87523436e57ca616bd
SHA256: e44039074cefd09367970c1bd8be052e4ce4cbebd7bdeaa3b495391def0fb2f9
SHA512: 28af24c6446fc191f51e31cfdec8d9747bde56ec0ac3c24e0a09293a08d007f2f9dc049f5faacf8ad51fdca2206f87041bb4e0c501ed1dad2a990ab07dae246a
SSDEEP: 24576:U5SrEl6dNKcxhY6YKTXGsDgMfadq8o/Dl6SkJGAMBU:UMSc8grl6SkBMB
Static task: static1
Behavioral task: behavioral1
Sample: 0c35a9ba848af55c69574a6676896167.exe
Resource: win7-20220812-en
Malware Config
Extracted family: redline
C2: 185.215.113.55:15912
auth_value: 9e9ec97701fcb6c8d3b5dd97294bcfa9
Targets
Target: 0c35a9ba848af55c69574a6676896167.exe
Size: 1.1MB
MD5: 0c35a9ba848af55c69574a6676896167
SHA1: 5f4a15cb4749755d7b3e0c87523436e57ca616bd
SHA256: e44039074cefd09367970c1bd8be052e4ce4cbebd7bdeaa3b495391def0fb2f9
SHA512: 28af24c6446fc191f51e31cfdec8d9747bde56ec0ac3c24e0a09293a08d007f2f9dc049f5faacf8ad51fdca2206f87041bb4e0c501ed1dad2a990ab07dae246a
SSDEEP: 24576:U5SrEl6dNKcxhY6YKTXGsDgMfadq8o/Dl6SkJGAMBU:UMSc8grl6SkBMB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- YTStealer payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
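An added example, not part of the sandbox report: a Python script that turns the report's indicators into something a responder can run. It takes the file hashes from the General section and the RedLine C2 endpoint from the Malware Config section, checks whether a given file is this sample, and scans connection-log lines for traffic to the C2. The log line format and the log lines themselves are constructed here for illustration and are not from the report.

```python
import hashlib
import re

# Hashes copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "0c35a9ba848af55c69574a6676896167",
    "sha1": "5f4a15cb4749755d7b3e0c87523436e57ca616bd",
    "sha256": "e44039074cefd09367970c1bd8be052e4ce4cbebd7bdeaa3b495391def0fb2f9",
    "sha512": (
        "28af24c6446fc191f51e31cfdec8d9747bde56ec0ac3c24e0a09293a08d007f2"
        "f9dc049f5faacf8ad51fdca2206f87041bb4e0c501ed1dad2a990ab07dae246a"
    ),
}

# RedLine C2 from the Malware Config section of the report.
C2_HOST = "185.215.113.55"
C2_PORT = 15912

# Expected hex-digest lengths, used to catch copy errors in the IOC list.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs() -> bool:
    """Sanity-check the pasted hashes: lowercase hex of the right length."""
    return all(
        len(h) == DIGEST_LEN[name] and re.fullmatch(r"[0-9a-f]+", h) is not None
        for name, h in REPORT_HASHES.items()
    )


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Return, per algorithm, whether the bytes hash to the report's value."""
    digests = hash_bytes(data)
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


def is_sample(path: str) -> bool:
    """True only if the file on disk matches all of the report's hashes."""
    with open(path, "rb") as fh:
        return all(matches_report(fh.read()).values())


# Constructed connection-log format (assumed, not from the report):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <flags>
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

# Constructed sample log lines for the scan below.
LOG_LINES = [
    "2022-08-27T14:01:03Z 10.0.0.12:49711 -> 185.215.113.55:15912 tcp SYN",
    "2022-08-27T14:01:05Z 10.0.0.12:49712 -> 93.184.216.34:443 tcp SYN",
    "2022-08-27T14:02:11Z 10.0.0.31:50201 -> 185.215.113.55:80 tcp SYN",
    "malformed line that should be skipped",
]


def find_c2_connections(lines) -> list:
    """Return connections to the C2 host.

    Each hit records the source and whether the destination port is the exact
    port from the extracted config; same-host/other-port traffic is still
    reported (exact=False) because a stealer operator may move ports.
    """
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if m is None or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        hits.append(
            {"ts": m["ts"], "src": m["src"], "dport": dport, "exact": dport == C2_PORT}
        )
    return hits


if __name__ == "__main__":
    print("IOC list well-formed:", validate_iocs())
    for hit in find_c2_connections(LOG_LINES):
        kind = "C2 hit" if hit["exact"] else "C2 host, other port"
        print(f"{hit['ts']} {hit['src']} -> {C2_HOST}:{hit['dport']}  {kind}")
```

Run `is_sample(path)` against a quarantined file to confirm it is the same binary the sandbox analysed; a partial match across algorithms would indicate a transcription error in the IOC list rather than a different file. The log scan is deliberately keyed on the host as well as the exact host:port pair so that a port change on the operator's side still surfaces.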