General
-
Target
5dbd3a4c4c908582d25db793f0c490ac.exe
-
Size
695KB
-
Sample
221111-hgxm6ahhh7
-
MD5
5dbd3a4c4c908582d25db793f0c490ac
-
SHA1
58032cd11ae7958a8c71626fa72eef49dbf583f0
-
SHA256
e291e795b512467af58f2455f62ae6d3cce66d7d932b5bd2f0a023b5a517e8e4
-
SHA512
38ceead2db4b5370a9ddaaedf54bc66497df6302b1c6bd8c3047ad706a5795b182d193789aa56ff837f3384f0176ae0018170dd9c4e84ae5107533ecc228c8f2
-
SSDEEP
12288:GfG4J68IKAIAnA+w2Cf/tUdCEiGKI/HQPU+qW2Y0ZuXXLz5IqgmhdkDG/h0K0iZg:GfG4Q8IKAIA9IEiGK+HQPU+v0Cz0IkmU
Static task
static1
Behavioral task
behavioral1
Sample
5dbd3a4c4c908582d25db793f0c490ac.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5dbd3a4c4c908582d25db793f0c490ac.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
5dbd3a4c4c908582d25db793f0c490ac.exe
-
Size
695KB
-
MD5
5dbd3a4c4c908582d25db793f0c490ac
-
SHA1
58032cd11ae7958a8c71626fa72eef49dbf583f0
-
SHA256
e291e795b512467af58f2455f62ae6d3cce66d7d932b5bd2f0a023b5a517e8e4
-
SHA512
38ceead2db4b5370a9ddaaedf54bc66497df6302b1c6bd8c3047ad706a5795b182d193789aa56ff837f3384f0176ae0018170dd9c4e84ae5107533ecc228c8f2
-
SSDEEP
12288:GfG4J68IKAIAnA+w2Cf/tUdCEiGKI/HQPU+qW2Y0ZuXXLz5IqgmhdkDG/h0K0iZg:GfG4Q8IKAIA9IEiGK+HQPU+v0Cz0IkmU
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-