General
-
Target
file.exe
-
Size
355KB
-
Sample
221021-wlwhjshfhm
-
MD5
2d497f4c12f1f0167fc10ecf35f723d4
-
SHA1
96a8d7fead7f50bcc39ff986b289e9cc240a8f20
-
SHA256
0d09a4ab3e8ceb83ed61d72f369dafe02bcfee6e57551b3a9077aee0a718aee8
-
SHA512
9efb947c9bab3a0e29f80b0697ab621728f92b1fd08e6bea4143bf421634397ffd7ad5020f3b7314aca2818df1355f8986e9389fa8b006e660c14ad4381564a3
-
SSDEEP
6144:K3e/3W0KIVKIV41+YlMQxQHyeNnCm0AO0MRll/UGk2YLJK2iRdh:KW3W0KIVKL+YlJFZtnpk2YLJmdh
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @mr_golds)
51.89.201.21:7161
-
auth_value
4b2de03af6b6ac513ac597c2e6c1ad51
Targets
-
-
Target
file.exe
-
Size
355KB
-
MD5
2d497f4c12f1f0167fc10ecf35f723d4
-
SHA1
96a8d7fead7f50bcc39ff986b289e9cc240a8f20
-
SHA256
0d09a4ab3e8ceb83ed61d72f369dafe02bcfee6e57551b3a9077aee0a718aee8
-
SHA512
9efb947c9bab3a0e29f80b0697ab621728f92b1fd08e6bea4143bf421634397ffd7ad5020f3b7314aca2818df1355f8986e9389fa8b006e660c14ad4381564a3
-
SSDEEP
6144:K3e/3W0KIVKIV41+YlMQxQHyeNnCm0AO0MRll/UGk2YLJK2iRdh:KW3W0KIVKL+YlJFZtnpk2YLJmdh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-