General
-
Target
red.png
-
Size
420KB
-
Sample
221108-rbd4asbac3
-
MD5
8deb78e7465c7aa01dce0f7b56afd75a
-
SHA1
46dfe591424f1c811c6da80b81ca3962e8667588
-
SHA256
1f531a7a7e0024d96701bd6c09c97cda0e56690deb7b53b9b855017000bf0baa
-
SHA512
c6a9d751ab704d5c7ea56f4b7377b2e6a81e4f1098b6765ece65685dab39289ead9f869bd6913b14b36e7379bc947c2392d42e6e2dc8020f098d63fb7588cda1
-
SSDEEP
6144:cRRIHFh8pCFAECNTT0vgPq+jscEI+ZVF10o+mjgQrsSJI5ELFTVoZphtyUfku2wy:cPCFST04y+0hVjbihU
Static task
static1
Behavioral task
behavioral1
Sample
red.ps1
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
red.ps1
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
$
62.204.41.34:1188
-
auth_value
bbb8c6d9124694fed57447b1568ddeec
Targets
-
-
Target
red.png
-
Size
420KB
-
MD5
8deb78e7465c7aa01dce0f7b56afd75a
-
SHA1
46dfe591424f1c811c6da80b81ca3962e8667588
-
SHA256
1f531a7a7e0024d96701bd6c09c97cda0e56690deb7b53b9b855017000bf0baa
-
SHA512
c6a9d751ab704d5c7ea56f4b7377b2e6a81e4f1098b6765ece65685dab39289ead9f869bd6913b14b36e7379bc947c2392d42e6e2dc8020f098d63fb7588cda1
-
SSDEEP
6144:cRRIHFh8pCFAECNTT0vgPq+jscEI+ZVF10o+mjgQrsSJI5ELFTVoZphtyUfku2wy:cPCFST04y+0hVjbihU
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-