General
-
Target
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.zip
-
Size
133KB
-
Sample
221114-ll84jaga95
-
MD5
af7dbd0b7b53e3580e9a38ba422f4d6c
-
SHA1
3a02fdb5c5f980cbf627ea2d52d7cde7dc64bccd
-
SHA256
14d2294972f3f433a81e34443650c2a8899123cd0190d308bd3fd1133de54b83
-
SHA512
7fb1fde8f98f0a9c11e59a97165b179d09687fcdf53ec144341526cf0d67c0b6a908e17e194b1063c3d36bef1be486cae30ed31b9be4971caf0462806bfce8ec
-
SSDEEP
3072:FZ11Y1buBFYF2SoUtFZ6iOcjUdsIaPUFJPhXMNUCBV7rskKtYMFV9:FtYWfSoUp6irPU9kV7AkzMF7
Static task
static1
Behavioral task
behavioral1
Sample
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8.exe
-
Size
244KB
-
MD5
a12c47e39762edafed5850f5f52f64dc
-
SHA1
754088e7ad868ed59a470f2a94cf3804fe43ecda
-
SHA256
f19ed878802bdb4166745cfb493b5ff29ee9e9d3c1e6bb4c99c362a7c00f7db8
-
SHA512
b1c8bdec7d5dde1965e4a5ceca092746b944dc08b193e3ee056a1b805fbff937e14c0d06102c03c2a1cf7d1dde2587ec7886097bcca1b19e1518f613d749bd63
-
SSDEEP
6144:qsGnhchmYB+IedLnnyTDtGOWu8lqpnBof5tnrug:YnhchwyTDtG/u8lHTnrug
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-