General
Target: file.exe
Size: 478KB
Sample: 220905-tx3pwseeg5
MD5: e064338389131dcafb6d2c553b1ec8a1
SHA1: ddb8ce5cb4fa41495447d11e1599e11ac1852641
SHA256: 38663115c885ea321a79fa5a1d57a0ba2c5522b305b7d38884fcd64619e77c31
SHA512: 6a86a996b4aa665829fabd36e7048f39c4d4f5ec37d2b33ee5f9445ba290e99110fe0cb86e31e857c2eef0451b5ba0a9342124d2451cfd107f5e667ea55f33e3
SSDEEP: 12288:zrBpy8En8nWTMn0HlUwfQKgI3/lRWqbBiG0:zrBw8EnMWTJr4KX/3J0
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: redline
@forceddd_lzt
5.182.36.101:31305
auth_value: 91ffc3d776bc56b5c410d1adf5648512
Targets
Target: file.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext