General
-
Target
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.zip
-
Size
133KB
-
Sample
221112-tzlt6abg61
-
MD5
5b95d103b394968bdb82503a61023e75
-
SHA1
c40e54c4564e9da65ede8104dab48addd75a046e
-
SHA256
df99b43e3c5d34d653680eeb0dd76965f0d2891e35e92acb929efd65f77d2810
-
SHA512
4e4bdfef7f611cb5ceb5a692f20385aecfd0c8c26f77ca0694e0f72bd9bea25ad7b3c68d0423175a62956a1ebce6335ccaa0bd8c0c0bff8c012e3823cedd663d
-
SSDEEP
3072:6Gr4qm814JaCNP/YcjzeY5v0WlrSzbxoF+N9NkxGmqNRL7bShRIDbE:5rvmbJh3D6YLlOzbCEkxGBPvbSn2E
Static task
static1
Behavioral task
behavioral1
Sample
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.exe
-
Size
244KB
-
MD5
a12c47e39762edafed5850f5f52f64dc
-
SHA1
754088e7ad868ed59a470f2a94cf3804fe43ecda
-
SHA256
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8
-
SHA512
b1c8bdec7d5dde1965e4a5ceca092746b944dc08b193e3ee056a1b805fbff937e14c0d06102c03c2a1cf7d1dde2587ec7886097bcca1b19e1518f613d749bd63
-
SSDEEP
6144:qsGnhchmYB+IedLnnyTDtGOWu8lqpnBof5tnrug:YnhchwyTDtG/u8lHTnrug
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-