General

Target: file
Size: 1.3MB
Sample: 221026-vncyjsgdej
MD5: 012e45283f000c630c2cc46a9f87a996
SHA1: 25d57354cd7ac18e8ee5aa6bb4b9502ff0dd05a5
SHA256: 2f791a20689cb930c92a588e9223cf1a81f0b1d3ef5a47bf99cf9932b02beb68
SHA512: b3c7a40e085d84ab81da9302addc2614570e099791b10a76cb5bda3e462b12f3cb246a91808d606db9339b15b94036db4649671a020aadaed080c04fc5e7155d
SSDEEP: 24576:P4WoZkB+6pZ4uSu39ptmagDLb2S7WRCcoHDygMIHFT+:oinrHUagDLb2S78AzMIl6
Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: redline
new10261
denestyenol.xyz:81
exirdonanos.xyz:81
auth_value: 599f87da51c4253a0b6e880e0185e7e6
Targets

Target: file
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext