General
-
Target
e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
-
Size
4.5MB
-
Sample
220831-mme3hseeg8
-
MD5
42b6ddf282a3cafbd3b9938b9242ca2f
-
SHA1
1dc9c7b02cae370032b04aff89f87880e09130dc
-
SHA256
e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
-
SHA512
b87b81d2e7e44031a68740aa391dfca93121adfdb2a9bad055c5f7f0e9bc615e4814f6efea011c9b04a7d15952a42a082c62be2ba02f582af8831cfbab5c552a
-
SSDEEP
98304:Ed7q/35VJNaUM9LC65bKPGFNW9d50IXDvPyakR3Iauu:Em35PNat9G6lKPu40ePya9auu
Static task
static1
Malware Config
Extracted
redline
185.200.191.18:80
-
auth_value
81be690af280fd9c9e7c951600742654
Targets
-
-
Target
e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
-
Size
4.5MB
-
MD5
42b6ddf282a3cafbd3b9938b9242ca2f
-
SHA1
1dc9c7b02cae370032b04aff89f87880e09130dc
-
SHA256
e2b835bdb5ab7558876936d5334028654507afd40176244ccd367d56b5c2d45d
-
SHA512
b87b81d2e7e44031a68740aa391dfca93121adfdb2a9bad055c5f7f0e9bc615e4814f6efea011c9b04a7d15952a42a082c62be2ba02f582af8831cfbab5c552a
-
SSDEEP
98304:Ed7q/35VJNaUM9LC65bKPGFNW9d50IXDvPyakR3Iauu:Em35PNat9G6lKPu40ePya9auu
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-