General
Target: 8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856
Size: 4.5MB
Sample: 220918-17t9tscbf7
MD5: 116ad7e88ec60629de63ceeed72ca6f0
SHA1: 9cf771b5ad3a5c18679827337261b9a7b0a586cd
SHA256: 8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856
SHA512: ecb5baf8a69125a27c0b381904d69f4046ee9e5a29557cb70614a32c95ea3c254b1e71f6ffcd2fba5ccc5df7c6740a2ac29b232b2c6f89ad037466c5cf7ec1cd
SSDEEP: 98304:4+jjU7ShrX3uJXPhcHWSbjZxTap3mnR9zjMn:XfzhrX8c2WVxTamn7z
Static task: static1
Behavioral task: behavioral1
  Sample: 8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856.exe
  Resource: win10-20220812-en
Malware Config
Extracted: redline (IMHOTEP)
C2: 185.215.113.217:19618
auth_value: 6ab091fd3a77232d89f167fd3318223a
Targets
Target: 8c952a5d6d8f610f4462847570be51afcadbfc5ca8c7298556bf24d6e1c92856
Size: 4.5MB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext