General

Target: 7ecebd28e0b5a7913e7523e6ff6f5fe9.exe
Size: 1.2MB
Sample: 221115-3y1flacd3t
MD5: 7ecebd28e0b5a7913e7523e6ff6f5fe9
SHA1: c16f9b7c14c037ab414be6f8d70e8e600c30c99c
SHA256: b68102eac02c085ecd5827133a4923806e23b9d5548206103759b7de28357a05
SHA512: c6e8aac4bf0645bf66d84d4a9e53437d857893911fa6a0b850ca660094c450b90e9f650b793830e2e4653e48649c5504dcab259ea8d49ee3683fffab85ed06ae
SSDEEP: 24576:TC1IY8Y04oieNMgPAQMuPkVZq79sR0D/7vUy0:TCCBVJsisy0
Static task
static1

Behavioral task
behavioral1
Sample: 7ecebd28e0b5a7913e7523e6ff6f5fe9.exe
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: 7ecebd28e0b5a7913e7523e6ff6f5fe9.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Family: redline
Botnet: love
C2: 45.15.157.0:22789
auth_value: f2b8ce19d1b1584a3972de28dfe5bf40
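The hashes under General and the extracted C2 above are the parts of this report a responder actually reuses. The following Python is an added example, not part of the sandbox report or of any Triage tooling: it recomputes the four digests the report lists so a file claimed to be this sample can be confirmed (or a modified copy rejected), and it scans firewall/proxy log lines for connections to the extracted C2 host and port. The log lines and the regex for their format are constructed for the example; the hash values and the C2 are copied from the report.

```python
"""Operationalize the report's indicators: hash verification and C2 matching.

Added example, not the sandbox's own code. Hash values and the C2 come
from the report; log lines below are constructed for the example.
"""
import hashlib
import re

# Digests copied from the report's General section.
REPORT = {
    "md5": "7ecebd28e0b5a7913e7523e6ff6f5fe9",
    "sha1": "c16f9b7c14c037ab414be6f8d70e8e600c30c99c",
    "sha256": "b68102eac02c085ecd5827133a4923806e23b9d5548206103759b7de28357a05",
    "sha512": (
        "c6e8aac4bf0645bf66d84d4a9e53437d857893911fa6a0b850ca660094c450b9"
        "0e9f650b793830e2e4653e48649c5504dcab259ea8d49ee3683fffab85ed06ae"
    ),
}

# Extracted RedLine C2 from the report's Malware Config section.
C2_HOST = "45.15.157.0"
C2_PORT = 22789


def hash_all(data: bytes) -> dict:
    """Compute the four digests the report lists for one in-memory file.

    SSDEEP is deliberately not computed here: it needs the ssdeep
    library and is a similarity score, not an exact identity check.
    """
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes, expected: dict = REPORT) -> dict:
    """Per-algorithm comparison; a mixed result means a modified or mislabeled file."""
    got = hash_all(data)
    return {algo: got[algo] == expected[algo].lower() for algo in expected}


def is_sample(data: bytes, expected: dict = REPORT) -> bool:
    """True only when every listed digest matches."""
    return all(matches_report(data, expected).values())


# Connection tuples in the constructed log format below appear either as
# "ip:port" (firewall) or "ip port" (proxy CONNECT). Adjust for real logs.
_CONN = re.compile(r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})[: ](?P<port>\d{1,5})")


def find_c2_hits(lines, host: str = C2_HOST, port: int = C2_PORT):
    """Return (line_number, line) for each line that connects to host:port.

    Matching is on the exact host string and port, so the .0 host address
    the report gives is not confused with a /24 network.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for m in _CONN.finditer(line):
            if m.group("ip") == host and int(m.group("port")) == port:
                hits.append((n, line.strip()))
                break
    return hits


# Constructed log lines for the example (not from the report).
SAMPLE_LOG = [
    "2022-11-15T03:12:44Z fw allow src=10.0.0.5:51234 dst=45.15.157.0:22789 proto=tcp",
    "2022-11-15T03:12:45Z fw allow src=10.0.0.5:51235 dst=93.184.216.34:443 proto=tcp",
    "2022-11-15T03:12:46Z fw allow src=10.0.0.7:51236 dst=45.15.157.0:443 proto=tcp",
    "2022-11-15T03:13:01Z proxy CONNECT 45.15.157.0 22789 user=jdoe",
]

if __name__ == "__main__":
    # Without the real binary, demonstrate the negative case for the hashes.
    print("is this report's sample:", is_sample(b"not the sample"))
    for n, line in find_c2_hits(SAMPLE_LOG):
        print(f"C2 hit on line {n}: {line}")
```

Line 3 of the constructed log is the point of the port check: the same host on 443 is not a hit, because the report ties the indicator to port 22789 and the operator may serve something unrelated on other ports of the same address. Use the SHA256 as the primary identity for the sample; the MD5 and SHA1 are listed for cross-referencing with feeds that still key on them.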
Targets

Target: 7ecebd28e0b5a7913e7523e6ff6f5fe9.exe
Size: 1.2MB
Hashes: as listed under General above
Score: 10/10
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext
SetThreadContext called on another process's thread is the step a RunPE-style loader uses to redirect a suspended process to injected code, so this signature indicates the RedLine payload is unpacked in memory rather than run directly from the file on disk.