General

Target: 25b80f714520a949e5ae6b95b0585ce8.exe
Size: 2.4MB
Sample: 221106-bqpwcaaee8
MD5: 25b80f714520a949e5ae6b95b0585ce8
SHA1: 9265fb3f52d272fe4a034f45b5e9b49eefd28e09
SHA256: b6fb44538c3a5ac766e0b3c2a51ca7e99f295adb761ff99a3ce11a45151277ba
SHA512: 0b1281cc3224f8bb10e3ea9306e96ef7dee1e17b2dd0e55b21602c5410a5bb98b17a309f9318d4b250f6db2897c6552fe0027969266c884447e2ba14cb80ff98
SSDEEP: 24576:wKPqiCZjY7YEu4sn2M1tTQaPjcy78aVrtnOUgKyOmU2LfH7j5HZ5cOl3RuQ5531Z:wKCiCyjMrtnOUgvOmU2GOl3z
Static task: static1

Behavioral task: behavioral1
Sample: 25b80f714520a949e5ae6b95b0585ce8.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 25b80f714520a949e5ae6b95b0585ce8.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: redline
Test1
45.15.156.48:8285
auth_value: 3ec6815aabd0bab316e997c1c7898294
Targets

Target: 25b80f714520a949e5ae6b95b0585ce8.exe (size and hashes as listed under General above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext