General
-
Target
77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
-
Size
218KB
-
Sample
221113-aagz5ada6w
-
MD5
280ff0e3d9207d53b6cec62e55354ea0
-
SHA1
d29e651db88ef0689cd8a82089a9f92de1a4890b
-
SHA256
77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
-
SHA512
7ccc36df33b54013db1d640301e2f22750ff23d60420eabfa04cf12680dd23db749574f065dc300a67a6da87cebfca9870fecca94abf87eae7837c81e33da680
-
SSDEEP
3072:O4Zvc+9TjxAXjGPPg2uEvIzjRnyiUhB6TS/S9uFKVKrHexARcCT2kcmeqjs7GXo:OyUixAGhgh9ucUruu32aHbjKgZ
Static task
static1
Behavioral task
behavioral1
Sample
77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
-
Size
218KB
-
MD5
280ff0e3d9207d53b6cec62e55354ea0
-
SHA1
d29e651db88ef0689cd8a82089a9f92de1a4890b
-
SHA256
77787afa40ee7777c722a6184ae373fb94d009672cab31fd048de312c39ef707
-
SHA512
7ccc36df33b54013db1d640301e2f22750ff23d60420eabfa04cf12680dd23db749574f065dc300a67a6da87cebfca9870fecca94abf87eae7837c81e33da680
-
SSDEEP
3072:O4Zvc+9TjxAXjGPPg2uEvIzjRnyiUhB6TS/S9uFKVKrHexARcCT2kcmeqjs7GXo:OyUixAGhgh9ucUruu32aHbjKgZ
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-