General
-
Target
file.exe
-
Size
2.4MB
-
Sample
220831-l3dzqacehp
-
MD5
fa6fcc58968ab07ee3ba390244209ddf
-
SHA1
7e2026fed85388aad0af7d4126a8f86709602585
-
SHA256
392049ce2edacaef91a29eb0ef2b7b9927a82550b592dedf725a33b6cfdd2381
-
SHA512
766d4c2b4d2746977dbe4568ac21bc790983f52ef902d12a6ea1f7de6527f344a8568da7176eff313854bbee653fe4b14e5bea3cd534175f47b29a2e98abdcbe
-
SSDEEP
24576:sTP7oYRYe8v2zJMfjoXDr3n6he4wouVPP1NFKvu8NLFTl3RuQ55313h:sTP3rKXutXFKvu8NBl3n
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
ruzki
janolavave.xyz:80
-
auth_value
8d87105ec975d521a7eca8c88cdec737
Targets
-
-
Target
file.exe
-
Size
2.4MB
-
MD5
fa6fcc58968ab07ee3ba390244209ddf
-
SHA1
7e2026fed85388aad0af7d4126a8f86709602585
-
SHA256
392049ce2edacaef91a29eb0ef2b7b9927a82550b592dedf725a33b6cfdd2381
-
SHA512
766d4c2b4d2746977dbe4568ac21bc790983f52ef902d12a6ea1f7de6527f344a8568da7176eff313854bbee653fe4b14e5bea3cd534175f47b29a2e98abdcbe
-
SSDEEP
24576:sTP7oYRYe8v2zJMfjoXDr3n6he4wouVPP1NFKvu8NLFTl3RuQ55313h:sTP3rKXutXFKvu8NBl3n
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-