General
Target: 9cfd8fe92b17725971779d3c67176a5256e6d2df24b0fc57850632062bb240a9
Size: 244KB
Sample: 221112-jv913she7z
MD5: 99d97b5e97365fa3b9d8282106bcf436
SHA1: 05d8b7c7564461e09372c82cc6568975404b2211
SHA256: 9cfd8fe92b17725971779d3c67176a5256e6d2df24b0fc57850632062bb240a9
SHA512: 9e0874f25f7ab744fcabbeb97ae295dc832f825b7d7a57f7993daa8b0cc9123142a6a78e263b0bb967956e2efe847a1c5311e791f7ee789b0a65683555ccc7cc
SSDEEP: 3072:SsBuR9nPJ6+qVFhrOrzebB+6/tedlnDPT/6QmZUp2D/iX5xCosU7wgy7UwBhhtzZ:SsGnhchmYB+IedZ6QD2DWxCosfg4nZ
Static task: static1
Behavioral task: behavioral1
Sample: 9cfd8fe92b17725971779d3c67176a5256e6d2df24b0fc57850632062bb240a9.exe
Resource: win10-20220812-en
Malware Config
Extracted family: redline
Google2
C2: 167.235.71.14:20469
auth_value: fb274d9691235ba015830da570a13578
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext