General
Target: file.exe
Size: 434KB
Sample: 220905-pp2qeaghgl
MD5: a02c32933a9afef8c2c3f624d8e0a50c
SHA1: 0e91dc7fe61aaab801c8492fcbaf623090c31ab8
SHA256: 7110b169b91367725a879b62e6a678126757daf30a942e55ad6b8fee54a446db
SHA512: e3f7ba98fbb8bc2042b957a432bdda3159bcfee8779c60e297a5d650e6b005ebe3f645140d9c2beef5dd1dbecfad47c0c2bb2c97a2ee80b56a7e4e0b485a2696
SSDEEP: 6144:NlRF9a28qZ/8zBuMEaBChkJGRwfqUKDPp5xI/nG7:1fP8Y88MEawk/nI
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20220812-en)
Malware Config
Extracted
Family: redline
Botnet: nam6.1
C2: 103.89.90.61:34589
auth_value: 5a3c8b8880f6d03e2acaaa0ba12776e3
The C2 host:port and the auth_value are the actionable indicators here. The auth_value is a per-build authorization string the RedLine client presents to its panel on first contact, so it ties samples to the same operator even when the C2 address changes; the botnet name (nam6.1) is the operator's own campaign label and should not be treated as a unique identifier.
Targets
Target: file.exe (434KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
RedLine
RedLine Stealer is an information stealer written in C#, first seen in early 2020. It harvests browser-saved credentials, cookies, cryptocurrency wallet files and basic host information and ships them to its panel over the configured C2.
- RedLine payload
- Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET command-line compiler shipped with the .NET Framework (not a VBScript engine), is launched even though nothing is being compiled. Stealers pick it as an injection host because it is a signed Microsoft binary that normally sits idle on the disk.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext: together with the vbc.exe launch this is the process-hollowing pattern (create the host suspended, write the payload into it, point the main thread at the new entry with SetThreadContext, resume). In telemetry, look for vbc.exe started by a process outside the .NET tooling with no compiler arguments, followed by the network connection to the C2 coming from vbc.exe rather than from file.exe.
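The following is an added example, not part of the sandbox report or of any vendor tooling. It turns the indicators above (the SHA256, the C2 host:port and the auth_value, copied from the report) and the behavioural pattern from the signature list (vbc.exe launched with no compiler arguments, then a connection to the C2) into a small matcher over endpoint telemetry. The event lines are constructed to resemble Sysmon process-create (EventID 1) and network-connect (EventID 3) records; the key=value layout, the field names and the assumption that the auth_value appears as a cleartext string in the first C2 request are all assumptions of this example.

```python
"""Match this report's RedLine indicators against constructed endpoint telemetry.

Added example, not part of the sandbox report. Indicators are copied from the
report; the event records and their key=value layout are an assumption.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Indicators taken from the report above.
SHA256 = "7110b169b91367725a879b62e6a678126757daf30a942e55ad6b8fee54a446db"
C2_HOST, C2_PORT = "103.89.90.61", "34589"
AUTH_VALUE = b"5a3c8b8880f6d03e2acaaa0ba12776e3"

# Constructed sample telemetry (assumption: one Sysmon-like record per line).
SAMPLE_EVENTS = """\
EventID=1 Image=C:\\Users\\victim\\Downloads\\file.exe ParentImage=C:\\Windows\\explorer.exe Hashes=MD5=A02C32933A9AFEF8C2C3F624D8E0A50C,SHA256=7110B169B91367725A879B62E6A678126757DAF30A942E55AD6B8FEE54A446DB
EventID=1 Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe ParentImage=C:\\Users\\victim\\Downloads\\file.exe CommandLine=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
EventID=1 Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe ParentImage=C:\\Program Files\\dotnet\\dotnet.exe CommandLine=vbc.exe /nologo /out:app.exe Module1.vb
EventID=3 Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe DestinationIp=103.89.90.61 DestinationPort=34589
EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=93.184.216.34 DestinationPort=443
"""

# A value runs until the next " Key=" token, so paths with spaces survive.
EVENT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line: str) -> dict:
    """Split one key=value record into a dict."""
    return dict(EVENT_RE.findall(line))


def parse_hashes(field: str) -> dict:
    """Sysmon writes 'MD5=..,SHA256=..'; normalise digests to lowercase hex."""
    out = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def rule_known_hash(ev: dict) -> bool:
    """Process image is the exact sample analysed in the report."""
    return ev.get("EventID") == "1" and parse_hashes(ev.get("Hashes", "")).get("SHA256") == SHA256


def rule_vbc_without_args(ev: dict) -> bool:
    """vbc.exe started with no compiler arguments.

    A real build passes switches and source files; a bare vbc.exe is the shape
    process hollowing leaves behind (the host never gets to run its own code).
    Assumption: the first whitespace-separated token of CommandLine is the exe.
    """
    if ev.get("EventID") != "1" or basename(ev.get("Image", "")) != "vbc.exe":
        return False
    return not ev.get("CommandLine", "").split()[1:]


def rule_c2_connect(ev: dict) -> bool:
    """Outbound connection to the C2 extracted from the config."""
    return (ev.get("EventID") == "3" and ev.get("DestinationIp") == C2_HOST
            and ev.get("DestinationPort") == C2_PORT)


RULES = {
    "known_redline_sample": rule_known_hash,
    "vbc_without_args": rule_vbc_without_args,
    "redline_c2": rule_c2_connect,
}


def scan(events: str) -> list:
    """Return (rule name, image basename) for every record a rule fires on."""
    hits = []
    for line in events.splitlines():
        ev = parse_event(line)
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, basename(ev.get("Image", ""))))
    return hits


def matches_report_hash(data: bytes) -> bool:
    """True if the bytes hash to the report's SHA256 (e.g. a quarantined file)."""
    return hashlib.sha256(data).hexdigest() == SHA256


def payload_carries_auth_value(payload: bytes) -> bool:
    """Assumption: the auth_value travels as a cleartext ASCII string in the
    client's first request, so a captured stream can be tied to this build."""
    return AUTH_VALUE in payload


if __name__ == "__main__":
    for name, image in scan(SAMPLE_EVENTS):
        print(f"{name:24} {image}")
```

The third constructed record (vbc.exe invoked by dotnet.exe with /nologo and a source file) is there to show the false-positive boundary: the rule keys on the empty argument list, not on vbc.exe itself, because the compiler is legitimately spawned on developer and build machines.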