General
Target: 089a5df1e8d56d3402094e6365d31b8ce40d776757d906615af0bef4a7149c04
Size: 2.5MB
Sample: 221001-nw4b5sghhm
MD5: e93fde7537147abe851afc2493e81cdc
SHA1: 02adcdfe6456d43e3b6f3cf05b68ef4c8c02db55
SHA256: 089a5df1e8d56d3402094e6365d31b8ce40d776757d906615af0bef4a7149c04
SHA512: 8ad8375d1bfdc7702e82cc358603951c21d5ba5ae174a4f5d326d4d5b7b796011844824efd39f1e75471fdeca41e7b89c03f295e93360ba3478ecd06670d49ff
SSDEEP: 24576:ah48tJSpduZQ7mqmcYiYeSYXeFWxMvMd4UhGIqhYQbnNALxMEeAl3RuQ55313z:k4gJSpduZ4mq/VdvqhYQbnNArl3d
Static task: static1
Behavioral task: behavioral1
Sample: 089a5df1e8d56d3402094e6365d31b8ce40d776757d906615af0bef4a7149c04.exe
Resource: win10-20220812-en
Malware Config
Extracted
redline
1
93.159.221.122:8387
Targets
Target: 089a5df1e8d56d3402094e6365d31b8ce40d776757d906615af0bef4a7149c04
Size: 2.5MB
MD5: e93fde7537147abe851afc2493e81cdc
SHA1: 02adcdfe6456d43e3b6f3cf05b68ef4c8c02db55
SHA256: 089a5df1e8d56d3402094e6365d31b8ce40d776757d906615af0bef4a7149c04
SHA512: 8ad8375d1bfdc7702e82cc358603951c21d5ba5ae174a4f5d326d4d5b7b796011844824efd39f1e75471fdeca41e7b89c03f295e93360ba3478ecd06670d49ff
SSDEEP: 24576:ah48tJSpduZQ7mqmcYiYeSYXeFWxMvMd4UhGIqhYQbnNALxMEeAl3RuQ55313z:k4gJSpduZ4mq/VdvqhYQbnNArl3d
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext