General
- Target: file.exe
- Size: 1.1MB
- Sample: 221114-2d8qssdh99
- MD5: 5e7c07b9aa0668fa2971747bb4fade1e
- SHA1: 7fae544f73f2a8fb7a340a20ec47f76370fbd487
- SHA256: 431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361
- SHA512: 5c9c65c99f0c8a5aaa2beac1a0c4304a1cb2ea808eeb6bbe11c2852d6e9fbad8bb68faa5f778848dade617e1c5ee1fb9dae566d7a064b05fdaa30a03019b868f
- SSDEEP: 24576:UFN0MuPkLGGnOSibw038m26NvoxP9pR3asqdKX+iu+dLP22ALaCET:GWkBSTNqxP9f3aDi+iugT
Static task
- static1

Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20220812-en

Behavioral task
- behavioral2
- Sample: file.exe
- Resource: win10v2004-20220901-en
Malware Config
Extracted
- redline
- rozena1114
- jalocliche.xyz:81
- chardhesha.xyz:81
- auth_value: 9fefd743a3b62bcd7c3e17a70fbdb3a8
Targets
- Target: file.exe
- Size: 1.1MB
- MD5: 5e7c07b9aa0668fa2971747bb4fade1e
- SHA1: 7fae544f73f2a8fb7a340a20ec47f76370fbd487
- SHA256: 431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361
- SHA512: 5c9c65c99f0c8a5aaa2beac1a0c4304a1cb2ea808eeb6bbe11c2852d6e9fbad8bb68faa5f778848dade617e1c5ee1fb9dae566d7a064b05fdaa30a03019b868f
- SSDEEP: 24576:UFN0MuPkLGGnOSibw038m26NvoxP9pR3asqdKX+iu+dLP22ALaCET:GWkBSTNqxP9f3aDi+iugT
- Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext