General
Target: file
Size: 271KB
Sample: 221111-cdvrhaabgk
MD5: 36c51c0d146dbe9024e34b251421a72e
SHA1: 54e5325e012106703cd432d7568f974bd115a337
SHA256: 0ce402cf92619e1d76d785c01928ec54abcb73933bde93ef33bec31c6ec825f8
SHA512: 1d0d9f18510d32367dbb929ab2d8db74bd50fe0a07c19b3d860475f1e83ed8d3e2c0d3f925044243271f7b01b0fc1dcd2a49865ce6786ff8127df3c67b0c1687
SSDEEP: 3072:A5m+sPa0rSqvWxPtdlROun6IQiWxh4WZ9bOTTmofHsEUv/f:+sPa0rLw7Wu6ItWxhl9w6YU/f
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: redline
PerseCloud Logs
151.80.89.227:45878
auth_value: f35e78a6b4be27a5c8621510cdcfa361
Targets
Target: file
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext