General
Target: 1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
Size: 2.6MB
Sample: 221005-g5hngadec6
MD5: 6a8a4668a9d0211a51d7deab1c934a06
SHA1: 0f3d62956f06f50927a3a607c7dedbead636be89
SHA256: 1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
SHA512: 882ca3b713fd17a635ea7827c99edb0855f99f916033adea3734b4273c0038c1287ded4c2aa0275c7ad6c36a283cd5fa1ae42f3da0bb2a4e52e4c4bbe59231d4
SSDEEP: 24576:DSFcFJUhQltYiYSAtQQ6HMhNwdPHJOcQxzozzmXnSF6CfLpEel3RuQ55313Z:3UhQn/dc7XSF6Cf1/l33
Static task: static1
Behavioral task: behavioral1
Sample: 1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
193.106.191.160:8673
auth_value: b452e7074eb79e37fc942576d3e3c701
Targets
Target: 1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
Size: 2.6MB
MD5: 6a8a4668a9d0211a51d7deab1c934a06
SHA1: 0f3d62956f06f50927a3a607c7dedbead636be89
SHA256: 1ae9ae4748f288f207e0b4bb55399fc9bd0cd6fbff5c03d910cb0393f904773a
SHA512: 882ca3b713fd17a635ea7827c99edb0855f99f916033adea3734b4273c0038c1287ded4c2aa0275c7ad6c36a283cd5fa1ae42f3da0bb2a4e52e4c4bbe59231d4
SSDEEP: 24576:DSFcFJUhQltYiYSAtQQ6HMhNwdPHJOcQxzozzmXnSF6CfLpEel3RuQ55313Z:3UhQn/dc7XSF6Cf1/l33
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext