General
- Target: 2aa96de34750c6299b33e6c5417f3032627c82d537c44642d49f795e55f10790
- Size: 244KB
- Sample: 221112-n6hhesac4w
- MD5: 7765f8394e933db1f47858252f16f847
- SHA1: 60474fb4b427dae01c21cd1a465b23f731f5eb8f
- SHA256: 2aa96de34750c6299b33e6c5417f3032627c82d537c44642d49f795e55f10790
- SHA512: 9341f0d5fcdeb73a2a2957f032830d5f2aed9a382d6f40c9ce5284d3a528331640fa320878a2f0c63e2d7c96a20fe74e6f53dc71a1cfd720d24807604f6b9492
- SSDEEP: 6144:hUmnhkRWlYBmwedvbJEJruX/JjEdyADkBGW:BnhkRWEdy6W
Static task: static1
Behavioral task: behavioral1
- Sample: 2aa96de34750c6299b33e6c5417f3032627c82d537c44642d49f795e55f10790.exe
- Resource: win10-20220901-en
Malware Config
Extracted
- Family: redline
- Botnet: Google2
- C2: 167.235.71.14:20469
- auth_value: fb274d9691235ba015830da570a13578
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext