General
Target: f6e7262d7daa969eda6500e0d9a80cdbce21b1dd3b5619bd3cc796511a1a0a6a
Size: 218KB
Sample: 221113-ekw91sdd9v
MD5: c0d65b6813f4790cd5f55b975b2185c7
SHA1: 1118ce497e0cf4b7b3a84649049292949a698cce
SHA256: f6e7262d7daa969eda6500e0d9a80cdbce21b1dd3b5619bd3cc796511a1a0a6a
SHA512: 193871bc2816a7285781201ac4eb93df3bd81a2a2dd818dc6685531994fabba76e6a22e8f94a717dbfe401076abdd56a693741733a83a07ec99564caad04b46c
SSDEEP: 6144:BKMSx4q7/vkOreE9MbpV0stCkrxQsKgZ:YMankOrK0bkF9KgZ
Static task: static1
Behavioral task: behavioral1
Sample: f6e7262d7daa969eda6500e0d9a80cdbce21b1dd3b5619bd3cc796511a1a0a6a.exe
Resource: win10-20220812-en
Malware Config
Extracted family: redline
Botnet: Google2
C2: 167.235.71.14:20469
auth_value: fb274d9691235ba015830da570a13578
Targets
Target: f6e7262d7daa969eda6500e0d9a80cdbce21b1dd3b5619bd3cc796511a1a0a6a
Size: 218KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext