General
Target: ebc6bd0813255ef20045c4744c3aa096a1221b865abb0dd71f1e8b9d60d42773
Size: 2.3MB
Sample: 221101-nvcg2acebm
MD5: f92516ddd9f836f3dec47a03128b388b
SHA1: 0a80b32cf3cf5b632eac3f4ba99643ef017265ce
SHA256: ebc6bd0813255ef20045c4744c3aa096a1221b865abb0dd71f1e8b9d60d42773
SHA512: ccce0efe678a8978cb1f5796b2580506c173b40988dfe5922c0252ffe5f3d2eff30e24ec8fadab066c110653c4070aecb670a3e5c31b0057c3476f62e4d8ff0e
SSDEEP: 24576:NsCzxS/YcYA2a5vtuMlzAhjdyw9TIAljIbPuICS2CLWeal3RuQ55313H:Gexsuz1IbPuICS2Cul3h
Static task: static1
Behavioral task: behavioral1
  Sample: ebc6bd0813255ef20045c4744c3aa096a1221b865abb0dd71f1e8b9d60d42773.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ebc6bd0813255ef20045c4744c3aa096a1221b865abb0dd71f1e8b9d60d42773.exe
  Resource: win10-20220812-en
Malware Config
Extracted: redline
5521731897_99
botmastr.xyz:28786
auth_value: f6c169748e5b4501a21279a990897f61
Targets
Target: ebc6bd0813255ef20045c4744c3aa096a1221b865abb0dd71f1e8b9d60d42773
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext