General
-
Target
file.exe
-
Size
450KB
-
Sample
221008-s5wqwaehg3
-
MD5
47d4b2fd7654ad71026eb66dd2aa5d97
-
SHA1
dabbda8e945fadee09c5bbee1b0ed9a4036038f5
-
SHA256
5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
-
SHA512
3412e220dfcfa4401b03e0ca36c55c03f65bc92016a5a52db625a16c4e1171b1305477e9b461f3aaffeafcae99ccfdf1c9e4729695007718469bda1d753f28f1
-
SSDEEP
6144:Z8fFQo+7Q0H3y+nvEGiBpYbgBUR4JttcBDlxdwpfxfBThM9eo1I7u0Kry2wej99u:ZYFiISM5jY9IfBTy9eo1dC
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
nam6.1
103.89.90.61:34589
-
auth_value
5a3c8b8880f6d03e2acaaa0ba12776e3
Targets
-
-
Target
file.exe
-
Size
450KB
-
MD5
47d4b2fd7654ad71026eb66dd2aa5d97
-
SHA1
dabbda8e945fadee09c5bbee1b0ed9a4036038f5
-
SHA256
5292b8004f9078cfddbb45f7a0a1d0e6c84a958e43e602f43f8af4161983b6ce
-
SHA512
3412e220dfcfa4401b03e0ca36c55c03f65bc92016a5a52db625a16c4e1171b1305477e9b461f3aaffeafcae99ccfdf1c9e4729695007718469bda1d753f28f1
-
SSDEEP
6144:Z8fFQo+7Q0H3y+nvEGiBpYbgBUR4JttcBDlxdwpfxfBThM9eo1I7u0Kry2wej99u:ZYFiISM5jY9IfBTy9eo1dC
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-