General
Target: bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051
Size: 1.1MB
Sample: 220919-pbskksgah4
MD5: 60c91bf6960a8103919656fbe7da5cdc
SHA1: 3609a2b98d28f4715e323e000c876c2468d2895c
SHA256: bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051
SHA512: 2ed01e68396007532cace1acaf9c8578af33b3fc9e9474ba93a87e4cf6be50754de1e8f250c060b13662e60776365c8eb22a3eabac87e81743cf3f1d35023c93
SSDEEP: 24576:We9O5TV7pKJktsJ6+jHg/XJUHhz9V6/7TDP:2TV1XgHgvJEh5V6/7
Static task: static1
Behavioral task: behavioral1
Sample: bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
Botnet: 3108_RUZKI
C2: 213.219.247.199:9452
auth_value: f71fed1cd094e4e1eb7ad1c53e542bca
The C2 address, port and auth_value are recovered from the unpacked payload's configuration. The auth_value is the token the stealer presents to the panel when it connects; together with the botnet tag it identifies the operator build, so all three are usable as indicators alongside the file hashes above.
Targets
Target: bf69921a8293c830267b93751b85c3b88f6262c371423ae40fe500b20184f051
Size: 1.1MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Score: 10/10
Family: RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020 and sold as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files, and system information, and reports to the C2 listed in the extracted configuration.
Signatures
- RedLine payload: the unpacked RedLine stealer was identified in memory, which is also where the configuration above was extracted from.
- Accesses cryptocurrency files/wallets, possible credential harvesting: the process touched wallet and browser credential storage locations, consistent with RedLine's collection routine.
- Suspicious use of SetThreadContext: this call is characteristic of process hollowing. The loader starts a legitimate process suspended, overwrites its memory with the decrypted payload, points the main thread's context at the new entry point, and resumes it. On its own SetThreadContext is also used by debuggers, so the signature is meaningful in combination with a preceding suspended process creation and WriteProcessMemory into the same target.
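The hollowing chain behind the SetThreadContext signature can be recognised from an API-call trace by correlating the calls per (injector, target) pair. The following Python is an added example, not code from the sandbox or from the report above; the trace format, process IDs and target image name are constructed for illustration, and the simplified convention that thread handles resolve to the target process ID is an assumption of the example, not a sandbox feature.

```python
"""Flag process-hollowing style injection chains in a simplified API trace.

Added example: the "pid Api(arg=value, ...) [-> pid=N]" line format below is
constructed for this demonstration and is not the sandbox's own log format.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for a suspended primary thread

# Constructed trace: pid 1234 hollows a suspended child (pid 5678); pid 9001
# performs a debugger-style SetThreadContext with no prior memory write and
# must not be flagged. Handles are written as the target pid for simplicity.
SAMPLE_TRACE = r"""
1234 CreateProcessW(lpApplicationName="C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe", dwCreationFlags=0x4) -> pid=5678
1234 NtUnmapViewOfSection(hProcess=5678)
1234 VirtualAllocEx(hProcess=5678, dwSize=0x2a000, flProtect=0x40)
1234 WriteProcessMemory(hProcess=5678, nSize=0x2a000)
1234 SetThreadContext(hThread=5678)
1234 ResumeThread(hThread=5678)
9001 OpenProcess(dwDesiredAccess=0x1fffff) -> pid=9002
9001 GetThreadContext(hThread=9002)
9001 SetThreadContext(hThread=9002)
"""

LINE_RE = re.compile(
    r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>[^)]*)\)(?: -> pid=(?P<newpid>\d+))?$"
)
ARG_RE = re.compile(r'(\w+)=("[^"]*"|0x[0-9a-fA-F]+|\d+)')


def parse_line(line):
    """Parse one trace line into a dict, or return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip('"') for k, v in ARG_RE.findall(m["args"])}
    return {
        "pid": int(m["pid"]),
        "api": m["api"],
        "args": args,
        "newpid": int(m["newpid"]) if m["newpid"] else None,
    }


def target_of(ev):
    """Return the process the call acts on: the new child for CreateProcess*,
    otherwise the process/thread handle argument (a pid in this simplified trace)."""
    if ev["api"].startswith("CreateProcess"):
        return ev["newpid"]
    for key in ("hProcess", "hThread"):
        if key in ev["args"]:
            return int(ev["args"][key])
    return None


def find_hollowing(trace):
    """Return one finding per (injector, target) pair that shows the chain
    suspended CreateProcess -> WriteProcessMemory -> SetThreadContext,
    noting whether the target was subsequently resumed."""
    state = defaultdict(lambda: {"suspended": False, "written": False, "image": None})
    findings = {}
    for line in trace.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        tgt = target_of(ev)
        if tgt is None:
            continue
        key = (ev["pid"], tgt)
        s = state[key]
        api = ev["api"]
        if api.startswith("CreateProcess"):
            flags = int(ev["args"].get("dwCreationFlags", "0"), 0)
            s["suspended"] = bool(flags & CREATE_SUSPENDED)
            s["image"] = ev["args"].get("lpApplicationName")
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            s["written"] = True
        elif api == "SetThreadContext" and s["suspended"] and s["written"]:
            # Debugger-style SetThreadContext without a prior write never gets here.
            findings[key] = {"injector": ev["pid"], "target": tgt,
                             "image": s["image"], "resumed": False}
        elif api == "ResumeThread" and key in findings:
            findings[key]["resumed"] = True
    return list(findings.values())


if __name__ == "__main__":
    for f in find_hollowing(SAMPLE_TRACE):
        print(f"hollowing: pid {f['injector']} -> pid {f['target']} "
              f"({f['image']}), resumed={f['resumed']}")
```

The detector keys state on the injector/target pair rather than on the API name alone, which is what separates a hollowing chain from a debugger attaching to a process: only a target that was created suspended and written to before its thread context was replaced is reported.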