General
- Target: file.exe
- Size: 2.4MB
- Sample: 220830-kq1ghseeep
- MD5: 7f0b957f1ace065fb1fe2419efc7b217
- SHA1: f755d302d8e14e072ef6dc5a6d3f4d300eefe76e
- SHA256: 1365e7708c818aa8a3cbed2a295ce2d585c654d80b78b1e5b3af9f30c654a4fa
- SHA512: b91fa0ef1dea5b367c499ed17837ab8f9adfa5b4402bff5d9bfc569d3ae2ce2a85dc59c04accb15a1fe57a3f308f40dad97f089f329faa97beae829ad5e64ffa
- SSDEEP: 24576:4BIOHYWYBzmqY1M99o6erpCR16n0o+93FpeUk20AbJjLyuNEYBLul3RuQ55313U:4BIW3X0o+JFpef20AbJjAl3O
Static task
- static1

Behavioral tasks
- behavioral1: Sample file.exe, Resource win7-20220812-en
- behavioral2: Sample file.exe, Resource win10v2004-20220812-en
Malware Config
Extracted
- redline
- ruzki
- 185.241.54.113:31049
- auth_value: beff5419044317cfc16dabbe118f4644
Targets
- Target: file.exe
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext