General
Target: file.exe
Size: 2.6MB
Sample: 220923-zka21ahhb9
MD5: 5714c442b4f06df227149d351cf101a3
SHA1: e5eb07dec8deb4b0e5c4905b71e7e6565908c613
SHA256: f7dbe640f31f8a9c00c0902580c04664a07d68d8453a3e7142691168c6fdbedf
SHA512: 5620e79822a6e45fb8bcd40ee98024379fafe4e667f208fb9a57000121ada999155f787a5238cc600f62bdd05841f1da55af87e6686bf63e6a66b883cc43a69f
SSDEEP: 24576:vn8L/Ae3wYMY8WAAp+SMyKdrpeCh6WUgkyfojvLolT4l3RuQ55313a:viAeH1hakyfojvs14l3E
Static task: static1
Behavioral task: behavioral1 (sample: file.exe, resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: file.exe, resource: win10v2004-20220812-en)
Malware Config
Extracted: redline
ruzki18
176.113.115.146:9582
auth_value: 7be17614eb631964b4725d83c6b7cc76
Targets
Target: file.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext