General
Target: 3acae017cf19e85f5c49fccc75df3701ac8fbdffe4dadfb7e1d748f2020ecc9e
Size: 247KB
Sample: 221113-yq739acg52
MD5: b9897eadbf8761ccb2d5729551a3fabe
SHA1: 06de4303f9446799cfb97096400b5f6dcfe28ba6
SHA256: 3acae017cf19e85f5c49fccc75df3701ac8fbdffe4dadfb7e1d748f2020ecc9e
SHA512: 8b813c6472055e66da232b8e42e6673a32784730cb16daf8fd2a31aa7ef2f36ab9ded707fbf3acaab7c819f3ed987e40e112c3b14fd2db349a94f2ede79dc82b
SSDEEP: 3072:L+ejh0KBywzTJzQqDGqLM+K526fp6pa5AT6OFLfv2rSoPmmk7umhA+lXFi84KQ6a:lhjBpzQEM+96fIlX5dC4XgbJ65bZ4b
Static task: static1
Behavioral task: behavioral1
Sample: 3acae017cf19e85f5c49fccc75df3701ac8fbdffe4dadfb7e1d748f2020ecc9e.exe
Resource: win10-20220812-en
Malware Config
Extracted family: redline
Botnet: Google2
C2: 167.235.71.14:20469
auth_value: fb274d9691235ba015830da570a13578
Targets
Target: 3acae017cf19e85f5c49fccc75df3701ac8fbdffe4dadfb7e1d748f2020ecc9e (247KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext