General

- Target: 7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c
- Size: 1.6MB
- Sample: 221006-17x1qabbgn
- MD5: d49bfdabe6d8bf9977115f1e09e2d4db
- SHA1: 629e8a9a9323e15b2128c81ce72c16ef3afe67b9
- SHA256: 7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c
- SHA512: 701d17bdc69922f01655c3e63ff59485d20e6871ab5c690789ac98e3006e43a3383582187609fcb0999c774d5dda573c84b4a84a29779fb0d23eba05ecc73327
- SSDEEP: 24576:2eTLUUWXx8KlTUeE/SP3GFFaraUuWbO0GmxsPGMkDC+/aRVUMysqyEH:b3UUAajKP3Qse+bOJE++aRSM2

Static task: static1

Behavioral task: behavioral1
- Sample: 7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 7ed64158ba9bc56b723988c63ab23c74e893bdd8273e96a7695cc9049779fa5c.exe
- Resource: win10-20220812-en

Malware Config

Extracted: redline
- IMHOTEP
- 185.215.113.217:19618
- auth_value: 6ab091fd3a77232d89f167fd3318223a
Targets
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext