General
- Target: mоdеst-mеnu.exe
- Size: 2.6MB
- Sample: 221107-glvtpadfcq
- MD5: a5c547265ed07c915d1988ee7f44a14a
- SHA1: 593d43959ba2ec563adc948d1b26181752e10bbb
- SHA256: 09f06431e9f721b193e24d6b2d61f415a6ee6e4e42b141dcaf30223cf162d993
- SHA512: b3559e12540f6358840731652fe87bb05cf758555407bd9b93ce05e2158303facc8ea3cab04606bcbcce0c5905bd582ea3180e59741435b4daae4fca448ed504
- SSDEEP: 24576:ZHH7JxKgNhQuH8gG3APGGK/cRgOnmq9g6Nsp02P4goxZl3RuQ55313:BHFxrHH8gqGScOU7m6Nc0Ll3
Static task
- static1
Behavioral task
- behavioral1 (sample: mоdеst-mеnu.exe, resource: win7-20220812-en)
Behavioral task
- behavioral2 (sample: mоdеst-mеnu.exe, resource: win10v2004-20220901-en)
Malware Config
Extracted
- Family: redline
- Botnet: @cham1ng
- C2: 193.106.191.160:8673
- auth_value: 296c18e34d670ae41d67c9e09e2546b7
Targets
- Target: mоdеst-mеnu.exe (hashes listed under General)
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext