General
-
Target
SecuriteInfo.com.Trojan.PWS.StealerNET.125.20367.28893.exe
-
Size
244KB
-
Sample
221112-hhgy4aea99
-
MD5
a12c47e39762edafed5850f5f52f64dc
-
SHA1
754088e7ad868ed59a470f2a94cf3804fe43ecda
-
SHA256
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8
-
SHA512
b1c8bdec7d5dde1965e4a5ceca092746b944dc08b193e3ee056a1b805fbff937e14c0d06102c03c2a1cf7d1dde2587ec7886097bcca1b19e1518f613d749bd63
-
SSDEEP
6144:qsGnhchmYB+IedLnnyTDtGOWu8lqpnBof5tnrug:YnhchwyTDtG/u8lHTnrug
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.StealerNET.125.20367.28893.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.PWS.StealerNET.125.20367.28893.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
SecuriteInfo.com.Trojan.PWS.StealerNET.125.20367.28893.exe
-
Size
244KB
-
MD5
a12c47e39762edafed5850f5f52f64dc
-
SHA1
754088e7ad868ed59a470f2a94cf3804fe43ecda
-
SHA256
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8
-
SHA512
b1c8bdec7d5dde1965e4a5ceca092746b944dc08b193e3ee056a1b805fbff937e14c0d06102c03c2a1cf7d1dde2587ec7886097bcca1b19e1518f613d749bd63
-
SSDEEP
6144:qsGnhchmYB+IedLnnyTDtGOWu8lqpnBof5tnrug:YnhchwyTDtG/u8lHTnrug
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-