General
-
Target
1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
-
Size
242KB
-
Sample
221112-tfwv1sge98
-
MD5
4f631724394e402ac41744521eadeeab
-
SHA1
6110301f4cdf7344ba804aa0fe095666bda37446
-
SHA256
1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
-
SHA512
e1532da10430fb11811d2e98a1a9359c8a79cfe08ec26da824daa6e29db45c14102881a0d2f3e2915fabd956b045619fbd176a097081607bf9487963dff24edf
-
SSDEEP
6144:1EV/oJY6gZme/6ZM8GISMPCiDmLD3e507bNU:2V/oJGUSNbee7bNU
Static task
static1
Behavioral task
behavioral1
Sample
1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
-
Size
242KB
-
MD5
4f631724394e402ac41744521eadeeab
-
SHA1
6110301f4cdf7344ba804aa0fe095666bda37446
-
SHA256
1d9fa30490bb8d11143c10f9ada630baf2c43ac193bdb2f2cc24dbdba3e73b35
-
SHA512
e1532da10430fb11811d2e98a1a9359c8a79cfe08ec26da824daa6e29db45c14102881a0d2f3e2915fabd956b045619fbd176a097081607bf9487963dff24edf
-
SSDEEP
6144:1EV/oJY6gZme/6ZM8GISMPCiDmLD3e507bNU:2V/oJGUSNbee7bNU
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-