General

Target: file.exe
Size: 183KB
Sample: 221024-w4ww2aaae8
MD5: 1ddbcb2ec41aab8a0ed64c9a266ac3a2
SHA1: a12e7820ab07cedf5b4a95ea450f22b203cc886b
SHA256: 1365dcd0d8f9e75605089f59e5add9f0d1b9aa799de2dbc77ce2248f274faaad
SHA512: 900efae0b40532ddcfc735bcdb36ea22f3edcab346ccf49e224d8408f69d896a1853a7a737091a308fb2d88fd00d1991888483ab2bafd20c3d76edf8fff40159
SSDEEP: 3072:EyGCke+S6a1Eabgi8u39Es9nu3d1hd+rTf0av72B2hq4x:1AS6a1os90dR+Ziw3
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted: redline
22.10
C2: 176.124.201.205:37411
auth_value: 92585e61e33956141389c28abf76dfd8
Targets

Target: file.exe
Size: 183KB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext