General
Target: fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
Size: 590KB
Sample: 221115-cstsraee75
MD5: d83c68b004860f9df81e16471daef592
SHA1: b0f94bcaa4c806b9a35d7b8762c0ec5abf25ae9c
SHA256: fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
SHA512: a716c0d6069b40b5e829a2555fa7b834ceb06de52837ab512ef2915b4a9bfe225a0e10c40a2f44fac636b15a42b87c701c0ad4a81ea840d09e3e7b4ceadaf084
SSDEEP: 12288:UqCRbKWcTFDCoXBSP8edJk0/9yVnuYptBP5xwVQjjw:Uf0SPJdJJ9MjPfwVQjU
Static task: static1
Behavioral task: behavioral1
Sample: fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
Botnet: 1
C2: 107.182.129.73:21733
Attributes:
auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets
Target: fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b
Score: 10/10
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
Signatures:
- RedLine payload
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, not Windows Script Host)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
Taken together, the vbc.exe signature and the SetThreadContext call are consistent with the usual RedLine delivery pattern: the dropper starts a legitimate, signed .NET binary and hollows it, so the decrypted stealer runs under a trusted image name. That is why the extracted C2 and auth_value (the key the bot presents to the C2 at check-in) are the indicators worth hunting on rather than the dropper's hash alone, which a repack changes trivially.
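As an added hunting example (not part of the sandbox report and not vendor code), the script below turns the report's indicators, the C2 107.182.129.73:21733, the file hashes and the vbc.exe injection host, into three checks run over constructed Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) records. The user name, the file name invoice.exe, the benign Firefox traffic and the 203.0.113.10 destination in the sample events are assumptions; the field names follow Sysmon's, and the vbc.exe rule flags any outbound connection from the compiler, not just one to this C2, so it also covers a rotated C2.

```python
"""Hunt for this report's RedLine indicators in endpoint telemetry.

Added example, not part of the sandbox report. The C2, the file hashes and
the vbc.exe injection host come from the report; the event lines are
constructed Sysmon-style records (EventID 1 = process create,
EventID 3 = network connect), not real telemetry.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the report.
C2_HOST, C2_PORT = "107.182.129.73", 21733
KNOWN_HASHES = {
    "md5": "d83c68b004860f9df81e16471daef592",
    "sha1": "b0f94bcaa4c806b9a35d7b8762c0ec5abf25ae9c",
    "sha256": "fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b",
}
# Signed .NET compiler the sample hollows. A compiler has no reason to open
# network sockets, so any outbound connection from it is suspect.
INJECTION_HOSTS = {"vbc.exe"}

# Constructed telemetry (hypothetical user, file name and benign traffic).
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Users\ana\Downloads\invoice.exe" ParentImage="C:\Windows\explorer.exe" '
    r'Hashes=MD5=D83C68B004860F9DF81E16471DAEF592,SHA256=fbc2c0e4cd92c2baf24a96418c5598cc62bf11171e1bb7c423332c3f6782f37b',
    r'EventID=1 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" '
    r'ParentImage="C:\Users\ana\Downloads\invoice.exe"',
    r'EventID=3 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" '
    r'DestinationIp=107.182.129.73 DestinationPort=21733',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" '
    r'DestinationIp=107.182.129.73 DestinationPort=443',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" '
    r'DestinationIp=203.0.113.10 DestinationPort=443',
]

# key=bare or key="quoted value" pairs; quoting is needed for paths with spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict[str, str]:
    """Split one 'key=value key="quoted value"' record into a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def parse_hashes(field: str) -> dict[str, str]:
    """Sysmon's Hashes field 'MD5=...,SHA256=...' -> {'md5': ..., 'sha256': ...}, lowercased."""
    out: dict[str, str] = {}
    for item in field.split(","):
        algo, _, value = item.partition("=")
        if value:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


@dataclass(frozen=True)
class Finding:
    rule: str
    confidence: str
    detail: str


def check_event(ev: dict[str, str]) -> list[Finding]:
    """Apply the three report-derived rules to one parsed event."""
    findings: list[Finding] = []
    image = ev.get("Image", "")
    exe = basename(image)
    if ev.get("EventID") == "1":
        # Rule 1: the created process is the sample itself (any listed hash algo).
        for algo, value in parse_hashes(ev.get("Hashes", "")).items():
            if KNOWN_HASHES.get(algo) == value:
                findings.append(Finding("known_redline_sample", "high",
                                        f"{image}: {algo} matches the report"))
                break
    elif ev.get("EventID") == "3":
        ip, port = ev.get("DestinationIp"), ev.get("DestinationPort")
        # Rule 2: traffic to the extracted C2; host-only match is weaker evidence.
        if ip == C2_HOST:
            exact = port == str(C2_PORT)
            findings.append(Finding("redline_c2_connection", "high" if exact else "medium",
                                    f"{exe} -> {ip}:{port}" + ("" if exact else " (host match only)")))
        # Rule 3: the hollowed compiler talking to the network at all.
        if exe in INJECTION_HOSTS:
            findings.append(Finding("compiler_network_activity", "high",
                                    f"{exe} opened a connection to {ip}:{port}"))
    return findings


def hunt(lines) -> list[Finding]:
    return [f for line in lines for f in check_event(parse_event(line))]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.confidence:6}] {f.rule}: {f.detail}")
```

Over the constructed events the script reports the dropper by hash, the vbc.exe check-in to 107.182.129.73:21733 twice (once as a C2 hit, once as compiler network activity) and the browser connection to the same host on 443 at medium confidence only, since a shared IP on another port is not by itself proof of RedLine traffic.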