General
Target: file.exe
Size: 2.5MB
Sample: 220919-pnb4csgga9
MD5: d86dcfb47cfaf182e8be1621ec075d91
SHA1: 16bbf3a23701aa637521b19f9346fefdac713d75
SHA256: 5f94be11553d43fa0469fd651f03b928dd1f43bbb79e762dba06474e8ea77a66
SHA512: 582b875be0f706fb934aa8a7ad11c59f13a0601ec3c25af268c49ca0255dc3de21d0c8694051d257b56e059d9ffa1d663da7845a265574f1964fb7b58f78a32d
SSDEEP: 24576:0BmX69tHBMYlYH/iMetSM4U9o1h5xECVgTTnpSLaAfqVZlJDZaLGtHsl3RuQ553U:GmX69tHK4vTjpSlfqVZlJDZaRl3w
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20220901-en)
Malware Config
Extracted family: redline
Botnet: @forceddd_lzt
C2: 5.182.36.101:31305
auth_value: 91ffc3d776bc56b5c410d1adf5648512
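The extracted configuration and the file hashes above are only useful once they are turned into something that can be checked against a suspect file and against network logs. The following is an added example (not part of the sandbox report) that does exactly that offline: it copies the report's hashes and RedLine C2 values into constants, verifies a file against all four hashes at once, parses the C2 string into host and port, and scans a few constructed proxy-style log lines (the log format and the lines themselves are invented for illustration) for connections to the C2. Matching on the IP and port together is the high-confidence check; an IP-only match is a weaker pivot that is still worth surfacing, so both are supported.

```python
"""Offline IOC check built from the Triage report above.
Added example; not the sandbox's own code. Hash and C2 values are copied
from the report; the log lines and their format are constructed."""
import hashlib
import re
from dataclasses import dataclass

# Copied from the report's General / Malware Config sections.
REPORT_HASHES = {
    "md5": "d86dcfb47cfaf182e8be1621ec075d91",
    "sha1": "16bbf3a23701aa637521b19f9346fefdac713d75",
    "sha256": "5f94be11553d43fa0469fd651f03b928dd1f43bbb79e762dba06474e8ea77a66",
    "sha512": "582b875be0f706fb934aa8a7ad11c59f13a0601ec3c25af268c49ca0255dc3de"
              "21d0c8694051d257b56e059d9ffa1d663da7845a265574f1964fb7b58f78a32d",
}
REDLINE_CONFIG = {
    "botnet": "@forceddd_lzt",
    "c2": "5.182.36.101:31305",
    "auth_value": "91ffc3d776bc56b5c410d1adf5648512",
}


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(value: str) -> C2:
    """Split 'host:port' as extracted by the config parser into its parts."""
    host, _, port = value.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {value!r}")
    return C2(host, int(port))


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest matches; one mismatch means a different file."""
    return file_hashes(data) == REPORT_HASHES


# Assumed log shape (constructed): "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <verdict>"
FLOW_RE = re.compile(r"->\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def find_c2_hits(log_lines, c2: C2, require_port: bool = True):
    """Return the lines whose destination matches the C2.

    require_port=True matches host and port (high confidence);
    require_port=False matches the host alone (weaker pivot, more noise).
    """
    hits = []
    for line in log_lines:
        m = FLOW_RE.search(line)
        if not m or m.group("ip") != c2.host:
            continue
        if require_port and int(m.group("port")) != c2.port:
            continue
        hits.append(line)
    return hits


# Constructed sample log: two true C2 hits, one same-host/other-port line, one benign.
SAMPLE_LOG = [
    "2022-09-19T12:00:01Z 10.0.0.15:51522 -> 5.182.36.101:31305 tcp allowed",
    "2022-09-19T12:00:03Z 10.0.0.15:51523 -> 142.250.74.78:443 tcp allowed",
    "2022-09-19T12:00:05Z 10.0.0.22:49817 -> 5.182.36.101:80 tcp allowed",
    "2022-09-19T12:01:10Z 10.0.0.15:51530 -> 5.182.36.101:31305 tcp allowed",
]

if __name__ == "__main__":
    c2 = parse_c2(REDLINE_CONFIG["c2"])
    for hit in find_c2_hits(SAMPLE_LOG, c2):
        print("C2 hit:", hit)
    for hit in find_c2_hits(SAMPLE_LOG, c2, require_port=False):
        print("host-only hit:", hit)
    # Any file other than the sample itself fails the full-hash comparison.
    print("matches report:", matches_report(b"not the sample"))
```

Run the host-only scan only as a follow-up to the strict one: 31305 is an unremarkable port on its own, and the IP may have been reused by unrelated tenants after the sample was submitted, so a host-only hit needs corroboration from the endpoint (for example the file hashes above) before it is treated as a confirmed infection.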
Targets
Target: file.exe (same file, size and hashes as listed under General above)
Score: 10/10
Signatures triggered:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload detected.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Suspicious use of SetThreadContext. Outside a debugger, a process calling SetThreadContext on a thread it did not create is the classic tell for process hollowing or thread hijacking, so the stealer payload is likely executing inside a process other than file.exe; when pulling memory for the extracted config, dump the injected target, not just the dropper.