General
- Target: 470f80ca7349c847bb5e892fa7ce1830.exe
- Size: 443KB
- Sample: 221012-zm5z6acbbk
- MD5: 470f80ca7349c847bb5e892fa7ce1830
- SHA1: d175559baf9ed2d3adde6e0983157fdd69846ce0
- SHA256: 12b5f1fafe3fe0fb87c92cbc1b1c137669fa4f8a4730c5a480d61c08c00b8c79
- SHA512: 0b9538123fe38fd16167c1061b52e6d1bbfae08a009fb832f7edff7fdbdd237ca0b845c249f9a120b0b185757581e8c73657ac8b6b121c889dd13c85c3ff145a
- SSDEEP: 6144:t14yaN+DI6kZs2AaHMniB4fAZJNDTXCxl6Q1sIjNPeMDeMuskpDoPBST8FEAOecB:3aUDI6kZsBK5fQ1FefTskpDsSTZM020
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 470f80ca7349c847bb5e892fa7ce1830.exe
  - Resource: win7-20220901-en
Behavioral task
- behavioral2
  - Sample: 470f80ca7349c847bb5e892fa7ce1830.exe
  - Resource: win10v2004-20220901-en
Malware Config
Extracted
- redline
- 95
- 45.144.31.240:40997
- auth_value: 398d6fb78a0f07111cca2571506c635e
Targets
- Target: 470f80ca7349c847bb5e892fa7ce1830.exe
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext