General

Target: file.exe
Size: 6.5MB
Sample: 221103-wmf49afefm
MD5: bf2e6c38b980d4da50e29a62c2372498
SHA1: 537043bfa0d4a6e9c4006837603ee2859e01fd21
SHA256: 4997ee85be4bcb1e2776453041349b2469ff57580e377c95a31dc0dd4f5a9016
SHA512: 7287d748ac295cdf5e5b09497540fd94e0c0464bd23c486540a9da4527b78a6a498f0183b94bc90bce432e6b1457e103c30920244165233f8937a4a1e1e8d954
SSDEEP: 196608:rxrqX/vn91s4GqnucVRkkX9xFZyOp1IVO:rIXXXs3qnzVRkk5ZyO1IVO
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: file.exe, resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: file.exe, resource: win10v2004-20220901-en)
Malware Config

Extracted
Family: redline
Botnet: PerseCloud
C2: 151.80.89.227:45878
auth_value: 533cc8f84715abfaea3e699d139e875c
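The extracted config gives a responder two things to act on at once: the file hashes, to confirm that a suspect binary is this sample, and the C2 endpoint, to sweep proxy or firewall logs for contact. The script below is an added example, not part of the sandbox report or of any tool behind it; the log lines are constructed and their layout is an assumption. It reports a full ip:port match separately from a bare-IP match, because RedLine C2 ports vary between configs and the host may carry unrelated traffic, so the IP alone is a weaker indicator.

```python
"""IOC sweep for the RedLine sample above: verify a file against the report's
hashes and look for the extracted C2 endpoint in network log lines.
Added example, not part of the sandbox report; log lines are constructed."""
import hashlib
import re

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "bf2e6c38b980d4da50e29a62c2372498",
    "sha1": "537043bfa0d4a6e9c4006837603ee2859e01fd21",
    "sha256": "4997ee85be4bcb1e2776453041349b2469ff57580e377c95a31dc0dd4f5a9016",
    "sha512": "7287d748ac295cdf5e5b09497540fd94e0c0464bd23c486540a9da4527b78a6a"
              "498f0183b94bc90bce432e6b1457e103c30920244165233f8937a4a1e1e8d954",
}
# C2 endpoint from the extracted RedLine config.
C2_IP, C2_PORT = "151.80.89.227", 45878

# ip:port or "ip port" (netflow-style columns); the trailing \b keeps
# 45878 from matching inside 458781.
_C2_FULL_RE = re.compile(rf"\b{re.escape(C2_IP)}[: ]{C2_PORT}\b")
_C2_IP_RE = re.compile(rf"\b{re.escape(C2_IP)}\b")


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, over raw bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> list:
    """Return the algorithms whose digest equals the reported sample's."""
    computed = file_hashes(data)
    return [alg for alg, digest in computed.items() if digest == REPORT_HASHES[alg]]


def scan_network_log(lines) -> list:
    """Return (line_number, confidence, line) for lines touching the C2.
    'ip+port' is a strong hit; 'ip-only' needs a second look because the
    port may differ from this config or the host may serve other traffic."""
    hits = []
    for n, line in enumerate(lines, 1):
        if _C2_FULL_RE.search(line):
            hits.append((n, "ip+port", line))
        elif _C2_IP_RE.search(line):
            hits.append((n, "ip-only", line))
    return hits


# Constructed proxy/firewall lines: one full C2 hit, two bare-IP hits, one clean.
SAMPLE_LOG = [
    "2022-11-03T10:12:01Z proxy src=10.0.0.15:51344 dst=151.80.89.227:45878 proto=tcp bytes=1324",
    "2022-11-03T10:12:02Z proxy src=10.0.0.15:51345 dst=93.184.216.34:443 proto=tcp bytes=9821",
    "2022-11-03T10:12:09Z fw    src=10.0.0.22:49211 dst=151.80.89.227:4587 proto=tcp bytes=60",
    "2022-11-03T10:12:14Z fw    src=10.0.0.22:49212 dst=151.80.89.227:80 proto=tcp bytes=410",
]

if __name__ == "__main__":
    with open("file.exe", "rb") as fh:          # the suspect binary, if present
        print("hash match:", matches_report(fh.read()))
    for n, conf, line in scan_network_log(SAMPLE_LOG):
        print(n, conf, line)
```

Run it next to the suspect file; `matches_report` returns the list of agreeing algorithms (all four for the genuine sample, empty for anything else), and `scan_network_log` can be pointed at real exported lines instead of `SAMPLE_LOG`.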
Targets

Target: file.exe
Size: 6.5MB
SHA256: 4997ee85be4bcb1e2776453041349b2469ff57580e377c95a31dc0dd4f5a9016
(MD5, SHA1, SHA512 and SSDEEP as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
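SetThreadContext is a legitimate API (debuggers depend on it), so the signature above is about context rather than the call itself: when a loader starts a child process suspended, overwrites its memory with WriteProcessMemory, repoints the main thread with SetThreadContext and then calls ResumeThread, that ordered sequence is process hollowing. The report records only the signature hit, not the surrounding calls. The script below is an added example, not from the sandbox report or its tooling; it checks an API trace for that ordered sequence so that a lone SetThreadContext is not mistaken for injection. The trace lines and their key=value field names are constructed.

```python
"""Confirm whether a 'Suspicious use of SetThreadContext' hit sits inside a
process hollowing sequence. Added example, not from the sandbox report; the
API trace below is constructed and its field names are an assumption."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Map Win32 and native spellings onto one stem per step of the pattern.
STEM = {
    "CreateProcessA": "CreateProcess", "CreateProcessW": "CreateProcess",
    "WriteProcessMemory": "WriteProcessMemory", "NtWriteVirtualMemory": "WriteProcessMemory",
    "SetThreadContext": "SetThreadContext", "Wow64SetThreadContext": "SetThreadContext",
    "NtSetContextThread": "SetThreadContext",
    "ResumeThread": "ResumeThread", "NtResumeThread": "ResumeThread",
}
# Must occur in this order, from the same caller, against the same child.
HOLLOWING_SEQUENCE = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def parse_trace(lines):
    """Parse 'key=value' trace lines (constructed format) into dicts with int pids."""
    events = []
    for line in lines:
        f = dict(re.findall(r"(\w+)=(\S+)", line))
        if "api" in f and "pid" in f and "target" in f:
            f["pid"], f["target"] = int(f["pid"]), int(f["target"])
            events.append(f)
    return events


def _in_order(calls, pattern):
    """True if every element of pattern appears in calls in that order (subsequence)."""
    it = iter(calls)
    return all(any(c == p for c in it) for p in pattern)


def find_hollowing(lines):
    """Return (caller_pid, child_pid) pairs whose calls match HOLLOWING_SEQUENCE.
    A SetThreadContext on its own (a debugger, or a thread adjusting its own
    context) does not count: it has to follow a suspended CreateProcess and a
    write into that child, and be followed by ResumeThread."""
    calls = defaultdict(list)
    for ev in parse_trace(lines):
        stem = STEM.get(ev["api"])
        if stem is None:
            continue  # NtUnmapViewOfSection, VirtualAllocEx etc. corroborate but are not required
        if stem == "CreateProcess" and not int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            continue  # a child that was never suspended cannot be hollowed this way
        calls[(ev["pid"], ev["target"])].append(stem)
    return [key for key, seq in calls.items() if _in_order(seq, HOLLOWING_SEQUENCE)]


# Constructed trace: one hollowing chain (1304 -> 2216), then a thread touching
# its own context and a normal, non-suspended CreateProcess, neither of which should fire.
TRACE = [
    "ts=10:12:00.120 pid=1304 api=CreateProcessW flags=0x4 target=2216",
    "ts=10:12:00.131 pid=1304 api=NtUnmapViewOfSection target=2216",
    "ts=10:12:00.140 pid=1304 api=VirtualAllocEx target=2216 size=0x4c000",
    "ts=10:12:00.152 pid=1304 api=WriteProcessMemory target=2216 size=0x4c000",
    "ts=10:12:00.160 pid=1304 api=SetThreadContext target=2216",
    "ts=10:12:00.161 pid=1304 api=ResumeThread target=2216",
    "ts=10:12:03.009 pid=2840 api=SetThreadContext target=2840",
    "ts=10:12:05.410 pid=2840 api=CreateProcessW flags=0x0 target=3004",
    "ts=10:12:05.420 pid=2840 api=ResumeThread target=3004",
]

if __name__ == "__main__":
    print(find_hollowing(TRACE))  # [(1304, 2216)]
```

The ordering check is what separates this from a plain API blacklist: the same four calls scattered across unrelated processes, or without the suspended-creation flag, return nothing, while the real chain returns the caller and the hollowed child so the child's memory can be dumped for the RedLine payload.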