General
Target: file.exe
Size: 2.6MB
Sample: 220920-qf3rsachh9
MD5: 7bc7d60e8178d0a04a756200675f0ece
SHA1: a5cab5575a499e8bcf96cdbd5bca5af5f167cf9d
SHA256: fb0816b55ce0416b43f909bd41ec2083d8b1715b0765c04cd09eac6ef5c804e5
SHA512: 5042f8c126a3ff911177e3ac5643a4626f9e85e1b0d009a356e543420446fe751921377dc1436e23b40b8f90ab96ad0e23af5d001f3c6eaf31fb758cafa4c424
SSDEEP: 24576:dPyzod8VRu+BRIWDhY8YflYCcP2KrMV+dheGiUe0YF9UVnO4LJYiqLxrOl3RuQ5z:dKzod8VR1BRIWLTiPmrLJYiqAl35
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: redline
Botnet: @forceddd_lzt
C2: 5.182.36.101:31305
auth_value: 91ffc3d776bc56b5c410d1adf5648512
Targets
Target: file.exe
Size: 2.6MB
MD5: 7bc7d60e8178d0a04a756200675f0ece
SHA1: a5cab5575a499e8bcf96cdbd5bca5af5f167cf9d
SHA256: fb0816b55ce0416b43f909bd41ec2083d8b1715b0765c04cd09eac6ef5c804e5
SHA512: 5042f8c126a3ff911177e3ac5643a4626f9e85e1b0d009a356e543420446fe751921377dc1436e23b40b8f90ab96ad0e23af5d001f3c6eaf31fb758cafa4c424
SSDEEP: 24576:dPyzod8VRu+BRIWDhY8YflYCcP2KrMV+dheGiUe0YF9UVnO4LJYiqLxrOl3RuQ5z:dKzod8VR1BRIWLTiPmrLJYiqAl35
Score: 10/10
Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext