General
- Target: 0b631c4fb431d496b31c1381376f7e70.exe
- Size: 1.3MB
- Sample: 220917-e7874ahbd2
- MD5: 0b631c4fb431d496b31c1381376f7e70
- SHA1: 48f24368aefd0f53a418627a2e36a05fcd391ac5
- SHA256: b3f2f31bff8ef9370d05c3b1f0ac28acd50870e35f20c96e8336585d8a3a97a4
- SHA512: 6f7aa06358f836777dd8fa886a51145a0b46fac485423a3b4e0a8f7d7e54c75710296ef288f31f3271f00349fa1d34787a7b536f2488d46f79dbbf4a36050a41
- SSDEEP: 24576:imHhScn10aEUYTYmhYvrYIMLFdC8uuIRsFIT3LS:imBScn10a3FdRsFIT3L
Static task: static1
Behavioral task: behavioral1
- Sample: 0b631c4fb431d496b31c1381376f7e70.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 0b631c4fb431d496b31c1381376f7e70.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- 5
- 5.61.49.60:1446
- auth_value: 9efbb486a7fa97e03174517a775da52c
Targets
- Target: 0b631c4fb431d496b31c1381376f7e70.exe
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext