General
- Target: 3187dcf3d06042f0bd54cfe079c3ad96.exe
- Size: 1.6MB
- Sample: 220831-tj3gzageek
- MD5: 3187dcf3d06042f0bd54cfe079c3ad96
- SHA1: d69d3e7984a2e63b5ec63a8725e1f70c49586627
- SHA256: e1d4a0bd77394f67190a815b78aeb69f7edcde10cc44717edf996f5f11582292
- SHA512: 77dde22a43624be76e48011faf68cb12bc5c804597ebcc48cec2ba8450f9ef8a8a2c43855aaf5fa8ce09a05830656efa0948d700ef90b59ff8139d573249295b
- SSDEEP: 3072:trVROwHd69lguu8oNF4xIuLN+GyYj4Q73I1s6IoTmUVNYNESKaTqZ:trnuvVtLN1yYsQ7YWJELEzKa0
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: 3187dcf3d06042f0bd54cfe079c3ad96.exe, Resource: win7-20220812-en)
- Behavioral task: behavioral2 (Sample: 3187dcf3d06042f0bd54cfe079c3ad96.exe, Resource: win10v2004-20220812-en)
Malware Config (Extracted)
- Family: redline
- Botnet: youtube
- C2: 185.106.93.43:7216
- auth_value: a5851184235bcc2224bef296c88bae7d
Targets
- Target: 3187dcf3d06042f0bd54cfe079c3ad96.exe
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext