General
- Target: file
- Size: 194KB
- Sample: 221013-rxg23shegm
- MD5: 69fddcbd4f2e126cc1f8a9f0576a8787
- SHA1: 7db5dfe68ff1d4c1f06bf98dcf91942222ca8c8e
- SHA256: c3159aafd09bbb7c072fd562624548f09f0e60745caebd9f8bcf03fe4ba87646
- SHA512: 27ecceb6678a3b3d045e19b4353316b1e7d52ff48281af941ae448b4ec6f15dba475d8d23cf879b91c9ca8fd02209129e3e6009a16b6d95cab3a444a4a4ff1a0
- SSDEEP: 3072:8OIwV7N+5c9XJEXBy59Kt+nEN6k1cW8T0NQT4Cayi5cTzkV3u22rQTraV8u1VKGh:8peV6QLa1m0NQsukSR
Static task
- static1
Behavioral task
- behavioral1: sample file.exe, resource win7-20220901-en
Behavioral task
- behavioral2: sample file.exe, resource win10v2004-20220901-en
Malware Config
Extracted
- redline
- nam6.2
- 103.89.90.61:34589
- auth_value: 4040fe7c77de89cf1a6f4cebd515c54c
Targets
- Target: file, 194KB (same sample and hashes as listed under General)
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext