General

Target: 411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
Size: 1.5MB
Sample: 221007-eb17lsbgbm
MD5: e11b0110e884debf9bee9756d1eaa625
SHA1: 01e6fdfad2169994f434e2c896dd8780dff6341c
SHA256: 411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
SHA512: 090ea94962ff5386f41ace6351ea4fcb1d0b051d7319a7b070c9440123cfc6ede6f8d4b981578ba0a626c776850a52f457341a808ea3caee532c03d7fb783526
SSDEEP: 24576:lMnGznDVKFnuLA4nxra9S603/M0gTGXb2IQxnXL0K8Fa6IOefzft3UdLiP:CnGTDV8uLA8xeYmcXbfQxnXSfefiRiP
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: 411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229.exe
  Resource: win10-20220812-en
Malware Config

Extracted
Family: redline
Botnet ID: IMHOTEP
C2: 185.215.113.217:19618
auth_value: 6ab091fd3a77232d89f167fd3318223a
Targets

Target: 411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229
Size: 1.5MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above (same file).
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as malware-as-a-service, and each build is compiled with the operator's botnet ID, C2 address and authentication value, which is what the extracted configuration above contains.

- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (the API that rewrites a suspended thread's register context; in a sandbox run it usually indicates process hollowing / RunPE, the loader technique RedLine builds commonly use to inject the .NET payload into a fresh process)
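The static fields under General and the extracted configuration under Malware Config are the actionable output of this report. The script below is an added example, not part of the sandbox report or of the sandbox's own tooling: it checks that each hash has the shape its algorithm produces, splits the SSDEEP string into block size and signatures (so you know which other hashes it can even be compared against), parses the C2 endpoint, and emits a Suricata rule for the outbound connection. The hash, SSDEEP, botnet and C2 values are copied from the report; the Suricata message text and the SID are assumptions chosen for a local rule set.

```python
"""Added example: turn a sandbox report's static fields and extracted RedLine
config into checked IOC records plus a Suricata rule for the C2."""
import ipaddress
import re
from dataclasses import dataclass

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Values copied from the report above.
REPORT = {
    "md5": "e11b0110e884debf9bee9756d1eaa625",
    "sha1": "01e6fdfad2169994f434e2c896dd8780dff6341c",
    "sha256": "411fbc445abbf86f4c1082f6633b22776727ada869fd2236ee58a6ebd507f229",
    "sha512": "090ea94962ff5386f41ace6351ea4fcb1d0b051d7319a7b070c9440123cfc6ed"
              "e6f8d4b981578ba0a626c776850a52f457341a808ea3caee532c03d7fb783526",
    "ssdeep": "24576:lMnGznDVKFnuLA4nxra9S603/M0gTGXb2IQxnXL0K8Fa6IOefzft3UdLiP:"
              "CnGTDV8uLA8xeYmcXbfQxnXSfefiRiP",
    "c2": "185.215.113.217:19618",
    "botnet": "IMHOTEP",
    "auth_value": "6ab091fd3a77232d89f167fd3318223a",
}


def validate_hashes(report):
    """Names of hash fields that are not lowercase hex of the length their algorithm produces."""
    return [name for name, length in HASH_LENGTHS.items()
            if not re.fullmatch(rf"[0-9a-f]{{{length}}}", report.get(name, ""))]


@dataclass(frozen=True)
class Ssdeep:
    block_size: int
    chunk: str          # signature computed with block_size
    double_chunk: str   # signature computed with 2 * block_size


def parse_ssdeep(value):
    """Split an ssdeep string into its three colon-separated parts."""
    block, chunk, double = value.split(":")
    return Ssdeep(int(block), chunk, double)


def ssdeep_comparable(a, b):
    """ssdeep only scores two hashes whose block sizes are equal or differ by
    exactly a factor of two; any other pair compares as 0 regardless of content."""
    return a.block_size in (b.block_size, 2 * b.block_size) or b.block_size == 2 * a.block_size


def parse_c2(value):
    """Split host:port and say whether the host is an IP literal
    (RedLine configs can carry a hostname instead of an address)."""
    host, _, port_str = value.rpartition(":")
    port = int(port_str)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return host, port, is_ip


def suricata_rule(host, port, botnet, sid):
    """Alert on an outbound TCP connection to the C2.  The sid is an assumption:
    use one from your local range (>= 1000000)."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 connection, botnet {botnet}"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


def build_iocs(report, sid=1000001):
    """Checked IOC bundle; raises on a malformed hash so bad data never reaches a blocklist."""
    bad = validate_hashes(report)
    if bad:
        raise ValueError(f"malformed hash fields: {bad}")
    host, port, is_ip = parse_c2(report["c2"])
    return {
        "file_hashes": {k: report[k] for k in HASH_LENGTHS},
        "ssdeep": parse_ssdeep(report["ssdeep"]),
        "c2_host": host, "c2_port": port, "c2_is_ip": is_ip,
        "botnet": report["botnet"], "auth_value": report["auth_value"],
        "suricata": suricata_rule(host, port, report["botnet"], sid),
    }


if __name__ == "__main__":
    for key, value in build_iocs(REPORT).items():
        print(f"{key}: {value}")
```

The SSDEEP block size is worth keeping alongside the hash: a 24576-block hash can only be scored against hashes with block size 12288, 24576 or 49152, so a "no match" against a sample of a very different size says nothing about whether the two are related. The auth_value and botnet ID are kept in the bundle because they are what ties other samples to the same operator build, even when the C2 address changes.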