General
- Target: file.exe
- Size: 348KB
- Sample: 221109-mlhr1sgab7
- MD5: bb8be3118ea359f82113e51fa7ad27f8
- SHA1: e15987c62de928eed548d180359ffdad16a7eecd
- SHA256: c852a4667cd669458b5511fbc5d272b4a4451f1e6f0f7831943969d1fc2aa319
- SHA512: 367d66aa0aae164d443d76765d1fe6d829abb781cc28cbfdab43fb3728a8a26d0b8f04c45a2cd01b5711421e8e4d4a379f587b485412fd91cad3fe0dd2cfdeab
- SSDEEP: 6144:DVXgXfr23vQU5nNHSJoBuZVu3irlceaBDlX3hpAO48Ub:RgXfr0NHpufuSpBa9lhpfw
Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en

Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- new1109
- jalocliche.xyz:81
- chardhesha.xyz:81
- auth_value: 4e1b0eea6916e5eec6474516190b3725
Targets
- Target: file.exe
- Size: 348KB
- MD5: bb8be3118ea359f82113e51fa7ad27f8
- SHA1: e15987c62de928eed548d180359ffdad16a7eecd
- SHA256: c852a4667cd669458b5511fbc5d272b4a4451f1e6f0f7831943969d1fc2aa319
- SHA512: 367d66aa0aae164d443d76765d1fe6d829abb781cc28cbfdab43fb3728a8a26d0b8f04c45a2cd01b5711421e8e4d4a379f587b485412fd91cad3fe0dd2cfdeab
- SSDEEP: 6144:DVXgXfr23vQU5nNHSJoBuZVu3irlceaBDlX3hpAO48Ub:RgXfr0NHpufuSpBa9lhpfw
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext