General
Target: file
Size: 2.1MB
Sample: 220830-rm9dksbff6
MD5: 9446abe977ec57f6867473cbc7957742
SHA1: fa48618ff1c48bde09aef7fabec4570e8ea04436
SHA256: 7303632a095187beee69774d18aa47d42e49eaa09c63734f1110942ee0c87a14
SHA512: 18f3cf9e0df7ca26d93a92a80a452b83d1f5fded788fe57e1b246ae6cc280cf9a3204f03cdd5f6ac54530102fbeec9cebeba18de4139304e2922d6fd59dbd409
SSDEEP: 24576:WetIOFYAYdzi96rM/Wo6erbgt16SDslT49pAm7lau4Cz4gEKL9IQl3RuQ55313X:WQIji+Dsls9qA0u424gEKDl3V
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
@forceddd_lzt
5.182.36.101:31305
auth_value: 91ffc3d776bc56b5c410d1adf5648512
Targets
Target: file
Size: 2.1MB
MD5: 9446abe977ec57f6867473cbc7957742
SHA1: fa48618ff1c48bde09aef7fabec4570e8ea04436
SHA256: 7303632a095187beee69774d18aa47d42e49eaa09c63734f1110942ee0c87a14
SHA512: 18f3cf9e0df7ca26d93a92a80a452b83d1f5fded788fe57e1b246ae6cc280cf9a3204f03cdd5f6ac54530102fbeec9cebeba18de4139304e2922d6fd59dbd409
SSDEEP: 24576:WetIOFYAYdzi96rM/Wo6erbgt16SDslT49pAm7lau4Cz4gEKL9IQl3RuQ55313X:WQIji+Dsls9qA0u424gEKDl3V
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext