General
Target: 7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
Size: 2.8MB
Sample: 221005-c2mqssddel
MD5: bc0f88560edfbd4782b5731f3ee7cb08
SHA1: f5e9bd90666f80ff36dcc68b501e35cad94751df
SHA256: 7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
SHA512: d78dde3abc068e3f43e8784c7c62cf0b46c0e86c7ee2be7613a30fc4aba7c152a72ea73cd9b6990e892199df2b91121ab2daa0457b4722f0557a53fb91ad82e6
SSDEEP: 49152:3XQXV7UeuVlzqiNV5qlWc0i0yf5Nh6lKa35l3l:3XQXV7Ueolz9fmvf5Nh6lB9
Static task: static1
Behavioral task: behavioral1
Sample: 7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
Install: 69.176.94.78:32244
auth_value: 262df95952285ebeabc4c91774e37776
Targets
Target: 7eff4f2344e8b0857d8045e73a199fc159ce1cbcd6a405606dd5e01c437fe6d0
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext