General

Target: a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
Size: 218KB
Sample: 221113-tf7yaabf45
MD5: 88ac1c2d9500309c4fdb3274f457c013
SHA1: 2faffb7ea31e40dad5050d1d66fa1e3c87d123a4
SHA256: a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
SHA512: 465e7f3c7b4667290e70767decbf1f55c2391a66a2f625cb348c81a5e2342579ed362bdc460b7c133b5717f3c33c5d4359b60c3a947706af87fc65ae063fc951
SSDEEP: 6144:SD+Ane/rMGy8X/emPEbI1wxgg5VEVnqrKgZ:++FMGtPem3KK8GUKgZ
Static task: static1
Behavioral task: behavioral1
Sample: a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted family: redline
Botnet: Google2
C2: 167.235.71.14:20469
auth_value: fb274d9691235ba015830da570a13578
Targets

Target: a6110b73589c1bd4aa3a13c6eca4ca9f72807d0954749ea9116ebead42c33ec0
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext