General
Target: 391d8db75e7ff6684b8b81bcfcf3622d832b0ef7aa0b29d01f8a84f5c880a017
Size: 1.7MB
Sample: 221007-gnrvtabga9
MD5: 7d2177241b4fa57a9e3e6de208875025
SHA1: b8c1d3171e82de04821ff213bd298c368c4c0b0f
SHA256: 391d8db75e7ff6684b8b81bcfcf3622d832b0ef7aa0b29d01f8a84f5c880a017
SHA512: b3071a54f6c94085be43e5093c0acb62c12dbe8d6ccfeb474e46741e255c6aec3c2e8f8bf9b2380791fee33feda75d4540bdbfc17da9bb040ea47e797b276f5a
SSDEEP: 49152:Vz/r2pelcD7gxpL4zMdZYkuFUFeDsHpWkIxXBR0:Vz/r2olcWL4zcD4TR
Static task: static1
Behavioral task: behavioral1
Sample: 391d8db75e7ff6684b8b81bcfcf3622d832b0ef7aa0b29d01f8a84f5c880a017.exe
Resource: win10-20220812-en
Malware Config

Extracted: redline
  185.186.142.127:17355
  auth_value: 2d7be1ed915f7e5f91af0977d4175cb7

Extracted: redline
  @moriwWs
  litrazalilibe.xyz:81
  auth_value: c2f987b4e6cd55ad1315311e92563eca

Extracted: redline
  h
  185.106.92.139:16578
  auth_value: d5aafe5ab67bae4a3f7cda3b2e30f9b7
Targets
Target: 391d8db75e7ff6684b8b81bcfcf3622d832b0ef7aa0b29d01f8a84f5c880a017
Size: 1.7MB
MD5: 7d2177241b4fa57a9e3e6de208875025
SHA1: b8c1d3171e82de04821ff213bd298c368c4c0b0f
SHA256: 391d8db75e7ff6684b8b81bcfcf3622d832b0ef7aa0b29d01f8a84f5c880a017
SHA512: b3071a54f6c94085be43e5093c0acb62c12dbe8d6ccfeb474e46741e255c6aec3c2e8f8bf9b2380791fee33feda75d4540bdbfc17da9bb040ea47e797b276f5a
SSDEEP: 49152:Vz/r2pelcD7gxpL4zMdZYkuFUFeDsHpWkIxXBR0:Vz/r2olcWL4zcD4TR
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext