General
Target: file.exe
Size: 220KB
Sample: 221115-ppjjtsdh55
MD5: efcf97602bf3ccb40379a3f4dd3c4e11
SHA1: 23396fdab87b45e1b78e083c76fcecebc47cd21b
SHA256: f70b16b0ceea077058ba86549ad36ba307a6a02469672aa3c3e63fb31378a81a
SHA512: 2e4b5fa2056718ab182ca99eb36146f00850d2eac6a518d26ad07e0109c4176bf517e816ba75305761dfec69015a0eab4dbcea317204f5d2b381427b0f93f6c5
SSDEEP: 3072:5PUWUG3Q4rGAeyjA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYc1U:+NYQQJsgMqFl2cMlScQq192e+CfqP
Static task: static1
Behavioral task: behavioral1 (sample: file.exe; resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: file.exe; resource: win10v2004-20220812-en)
Malware Config
Extracted family: redline
Botnet: 711
C2: 194.110.203.100:32796
auth_value: 24e3340d853c89cad1e25194559ee778
Targets
Target: file.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext