General
Target: file.exe
Size: 220KB
Sample: 221115-r6z91sed33
MD5: 25f1a2578d2e75a6675da2d0a241bcc6
SHA1: 4a9fac02958151667851d4574eb0b49d6e875e41
SHA256: dd4be3093013e1a6b425a449daa9ae6cc6283f9b160208f54262dd98d7adb308
SHA512: 066820fc5abe91f7f641fff172a600c7266ae874c4f537b94c3ad0d0fcdd97dc89a58b0cd87e4f3582d4d497fb4d25e303066768f4dbf4a9cb20b58db0927748
SSDEEP: 3072:/PkmUG2g4rt1eyjA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYc1E:E9VgQLsgMqFl2cMlScQq192e+Cfq/
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: file.exe; resource: win7-20221111-en)
Behavioral task: behavioral2 (sample: file.exe; resource: win10v2004-20220812-en)
Malware Config
Extracted family: redline
Botnet: 711
C2: 194.110.203.100:32796
auth_value: 24e3340d853c89cad1e25194559ee778
The C2 endpoint and auth_value are the durable hunting pivots here: the file hashes identify only this exact build, whereas the same botnet configuration can be carried by repacked builds from the same campaign.
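The following is an added example for this page, not sandbox output or RedLine code: it turns the report's hash IOCs and the extracted C2 into two checks an analyst would actually run, hashing a file against all four listed digests in one pass and scanning Zeek-style conn.log records for flows to the C2. The digest values, host and port are copied from the report; the file bytes and the conn.log lines are constructed for the demonstration.

```python
"""Match host and network telemetry against the IOCs in this RedLine report.

Added example for this page (not sandbox output). The hash and C2 values are
copied from the report; the file bytes and the conn.log lines are constructed.
"""
import hashlib
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Hash IOCs from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "25f1a2578d2e75a6675da2d0a241bcc6",
    "sha1": "4a9fac02958151667851d4574eb0b49d6e875e41",
    "sha256": "dd4be3093013e1a6b425a449daa9ae6cc6283f9b160208f54262dd98d7adb308",
    "sha512": (
        "066820fc5abe91f7f641fff172a600c7266ae874c4f537b94c3ad0d0fcdd97dc"
        "89a58b0cd87e4f3582d4d497fb4d25e303066768f4dbf4a9cb20b58db0927748"
    ),
}

# Extracted C2 from the Malware Config section.
C2_HOST = "194.110.203.100"
C2_PORT = 32796


def hash_matches(data: bytes, iocs: Dict[str, str] = REPORT_HASHES) -> Set[str]:
    """Return the names of the algorithms in `iocs` whose digest of `data`
    equals the listed value. All digests are computed in a single pass over
    the bytes and compared case-insensitively."""
    hashers = {name: hashlib.new(name) for name in iocs}
    for h in hashers.values():
        h.update(data)
    return {name for name, h in hashers.items() if h.hexdigest() == iocs[name].lower()}


def find_c2_connections(
    conn_log: Iterable[str], host: str = C2_HOST, port: Optional[int] = C2_PORT
) -> List[Tuple[str, str]]:
    """Scan Zeek-style conn.log lines (tab-separated; the first seven fields
    are ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) and
    return (ts, orig_h) for every flow to the C2. With port=None any port on
    the C2 host is reported, which also catches a rotated listener port."""
    hits: List[Tuple[str, str]] = []
    for line in conn_log:
        if not line.strip() or line.startswith("#"):
            continue  # blank line or Zeek header line
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue  # truncated record, skip rather than guess
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != host:
            continue
        if port is not None and (not resp_p.isdigit() or int(resp_p) != port):
            continue
        hits.append((ts, orig_h))
    return hits


# Constructed conn.log excerpt: two beacons from 10.0.0.15 to the reported
# C2 port, one unrelated TLS flow, and one flow to the C2 host on another port.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1668500000.1\tCabc1\t10.0.0.15\t49812\t194.110.203.100\t32796\ttcp",
    "1668500003.4\tCabc2\t10.0.0.22\t51000\t93.184.216.34\t443\ttcp",
    "1668500009.9\tCabc3\t10.0.0.15\t49830\t194.110.203.100\t32796\ttcp",
    "1668500011.0\tCabc4\t10.0.0.31\t53211\t194.110.203.100\t443\ttcp",
]

if __name__ == "__main__":
    print("hash match:", hash_matches(b"constructed bytes, not the sample"))
    print("C2 flows  :", find_c2_connections(SAMPLE_CONN_LOG))
    print("C2 host   :", find_c2_connections(SAMPLE_CONN_LOG, port=None))
```

Run `find_c2_connections` with `port=None` as well as with the reported port: a stealer operator who moves the listener keeps the IP for a while, so a host-only sweep over the same window is cheap insurance.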
Targets
Target: file.exe
Size: 220KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values in the General section above.
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Launches vbc.exe, the Visual Basic .NET compiler, for execution (the sandbox labels this the "VBS compiler"; VBScript is interpreted, not compiled, so the hit is on the .NET Framework's vbc.exe). RedLine loaders commonly start this signed Microsoft binary and run the stealer inside it.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext. Taken together with the vbc.exe child process, this is consistent with process hollowing or thread hijacking into the compiler process rather than a direct execution of the stealer.