General
- Target: file.exe
- Size: 2.3MB
- Sample: 221021-xysg4acaam
- MD5: 64ef32e337aaf3c66bca1935117701b1
- SHA1: febdc0041205aa8546117c30b4bc4eab1f182e6b
- SHA256: e1db6a5d3acbbef1205aa4cd613b0824bf9236311df8b8a17b7cd6718f65df79
- SHA512: 87267e1b1e754ce9c2d610950d95afa5a733f7e74735514a388ddb379675ba1b4aa7c9ad412cb77e3b3e6b413eb87aa2e7b8d5004ce6de1d4788e0049bd12e82
- SSDEEP: 24576:MQYoYIY+KPXJuMNyEpYBk0eCWJHqmlgIACwxLxaDHFhl3RuQ55313z:MQjiRFgIACwxaFhl3V
Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en

Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- INSTALL: 69.176.94.78:47843
- auth_value: 6e739bdc6a4ad8300b1f57fbbb3dbee5
Targets
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext