General
Target: e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
Size: 1.4MB
Sample: 221002-183mladbb3
MD5: e32cf33433b5635501885a6bf12ff2a9
SHA1: 4a9a7d6c7bf8cb9e64c9bddfe60031e06804a58d
SHA256: e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
SHA512: 868aefac1226b5a6f2c7cf2e7588a457dc871659867863631ab938631bd90f6d67573dc1a39ad9199063e19b9b0ecce3506e762ab3a0d7287e30d7736cd86754
SSDEEP: 24576:G9KJu8M5sw86BP6SBD8iHVJP19u/OpCmA0oPRw9gvJmWTDDq9xa/9F:G9d8yF8QP6a8At9ucxca+vJn3oa/
Static task: static1
Behavioral task: behavioral1
Sample: e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
IMHOTEP
185.215.113.217:19618
auth_value: 6ab091fd3a77232d89f167fd3318223a
Targets
Target: e822f7561f691758e216de6b04c0d6a1c4604766fa5de24b548f2d48fe211ee6
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext