General
-
Target
e2cb8407436a5a2ed6f1220df5805900cf1df475eb9493a81508e61748144e1e.zip
-
Size
134KB
-
Sample
221114-ll69yabc3x
-
MD5
4a1458e864f63d4511cf2be9ffeefad4
-
SHA1
3943a5ad80b88e2df71f866adb42afc7402f2fb1
-
SHA256
c91f75743559fd88b3017cfa9e03a8ac1a8c68d193a7337df2c5994e63c66410
-
SHA512
0fb107c9ae3545cc32af0e2ac44e589e3914d3690514f76ebdc35f2be6595cc701fcff3df6352c6017c0383e60cf51e18d0a816b265f5714043c776133697602
-
SSDEEP
3072:yJSTvfyBw1x+FijBfGq4g/PbXjoCrUCSm2vS4HHSnx5mkTVaE/h2FJmB:yJSeBw1KidfGq4gnbF4vScSx5XpaEp2K
Static task
static1
Behavioral task
behavioral1
Sample
e2cb8407436a5a2ed6f1220df5805900cf1df475eb9493a81508e61748144e1e.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e2cb8407436a5a2ed6f1220df5805900cf1df475eb9493a81508e61748144e1e.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
e2cb8407436a5a2ed6f1220df5805900cf1df475eb9493a81508e61748144e1e.exe
-
Size
244KB
-
MD5
7b41368bae47e4e02a054fad1155da9b
-
SHA1
210cb9b322dc316f25b1c614af26174eb7dceda1
-
SHA256
e2cb8407436a5a2ed6f1220df5805900cf1df475eb9493a81508e61748144e1e
-
SHA512
525c76bd414657480f7f543326c13d7c84149cb8f172d10039de3ce66751cb1afc04b7d5b374b917405401f54883e594cb52e29f34a521debdfb959a71eded6f
-
SSDEEP
6144:PUmnhkRWlYBmwedJWh3FO9F9JCm7Xyn2APRNXyJ0yiwMREUxL0w4bJsEy:LnhkRWvWh3FO9F9JCm7Xyn2APbXymwM5
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-