General
Target: d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69
Size: 218KB
Sample: 221112-yq66yscd6t
MD5: 71ca99e5234f6246fa13d973328208de
SHA1: 5ef1d50b5b346f39494454fcd0b14f66a15dc953
SHA256: d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69
SHA512: 9d3f27782a7e8ab09ce2b69c1a6a72f10852dc8dca7348b2043571ccd1da70bae6ef6b4cbebfe429daf18ccfa6d5705a846176ec0398483c35bb6135e4d77e33
SSDEEP: 3072:04Zvc+9TjxAXjGPPOOEGrdCQVyk39ZJLQidd16KZS3uQ78I29vlawhmN1KgZ:0yUixAY1dPVyk1kikoS3uQBtN1KgZ
Static task: static1
Behavioral task: behavioral1
Sample: d8e984994500d40134afc4d7ea689ef52aab5fe2e8bbd79c6ffb43b911172b69.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
Google2
167.235.71.14:20469
auth_value: fb274d9691235ba015830da570a13578
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext