General
-
Target
file.exe
-
Size
455KB
-
Sample
220906-m5nsdahaem
-
MD5
f49c53f6a78d46c685089c8191a4caba
-
SHA1
f9672f8cbe10643dc6e89733c24e82e62adec928
-
SHA256
b1875400f6f240321a2d3e23ad0fd8ef4234d80c57c3b151f28f98fde13ab623
-
SHA512
c770e45d3564bdaad75e7d105c0a8e56c73c1de9af58911cfa69e246c604952549e3c057fb922d8f8e115719856bd4e91ca71a441c5dc477d854752ba42ce7f3
-
SSDEEP
12288:3QdeoMG76PnDMFXt9xz0cACEvvAORbzcAwoMu9:36edG78Mj9xBACEgtAw+9
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@forceddd_lzt
5.182.36.101:31305
-
auth_value
91ffc3d776bc56b5c410d1adf5648512
Targets
-
-
Target
file.exe
-
Size
455KB
-
MD5
f49c53f6a78d46c685089c8191a4caba
-
SHA1
f9672f8cbe10643dc6e89733c24e82e62adec928
-
SHA256
b1875400f6f240321a2d3e23ad0fd8ef4234d80c57c3b151f28f98fde13ab623
-
SHA512
c770e45d3564bdaad75e7d105c0a8e56c73c1de9af58911cfa69e246c604952549e3c057fb922d8f8e115719856bd4e91ca71a441c5dc477d854752ba42ce7f3
-
SSDEEP
12288:3QdeoMG76PnDMFXt9xz0cACEvvAORbzcAwoMu9:36edG78Mj9xBACEgtAw+9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-