General
Target: file.exe
Size: 332KB
Sample: 221111-zjptrsec5w
MD5: 649f5856a0a8a90bbaf2184acdc6c28e
SHA1: ceb606fee39b49a984840d049fe8e66c368926ec
SHA256: 4364de716ce73899bb82c0417a2cae748854be8db7ef7cc9fc9ca47b2f8031a0
SHA512: d3bcafbfb869a497563e96f47e404bb171cb585a3277e9b277710a5360e582b038eb280e963de8ce2ff93424891322965162e8210a1de0ca38f74ff88d02e7f7
SSDEEP: 3072:8ZthlXskGHJwAp4fVIXXle0CfFm9hA8P5epcVQ3sYMzPmWbFl68OMwDO4pZE0GRT:8ZpshplCV6VexfcWOcDOsEZRLG/k
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: redline
Botnet: @andriii_f
C2: 185.173.36.94:31511
auth_value: 6eb1d25f0a98fab37914f41dd85e7bb0
Targets
Target: file.exe
Size: 332KB (hashes identical to the General section above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext