General
Target: 3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
Size: 218KB
Sample: 221113-n666sabb42
MD5: 3de8df56c864e0f5a715f0a1e9383c48
SHA1: c4d5f366616430ecc5ab0123803b7586fcd90943
SHA256: 3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
SHA512: 88639641215375669dc56a5b0504b247b089848abcd0a2a901090f026f26928d8e5933b756fe9400f62f5579b94c7bc22e18fe83c25a99268686cca0ab29fdbc
SSDEEP: 6144:51QWVkgiFkldDpJ1YHuFfWBCVt6PoKgZ:DQCDpvnFfWwmPoKgZ
Static task: static1
Behavioral task: behavioral1
Sample: 3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
Google2
167.235.71.14:20469
auth_value: fb274d9691235ba015830da570a13578
Targets
Target: 3f4a2d676bc1ad155e33f1e5e6c2a19a7d3cd37ba9b30bfaffdf6e1a37456290
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext