General
-
Target
e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
-
Size
234KB
-
Sample
221115-te9qgsad9z
-
MD5
ebe1870be2fa78527fec23e2100a051e
-
SHA1
eb593043f75a28dbd01f2d9e1298479a7e0b178d
-
SHA256
e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
-
SHA512
4bca49294680089a42d92098846cb11e211805a6593e36bb3d106aa1d6b546cfaa7e60cdec6751d3ef7ae3b3673c5a7de63c5ec709980d2b2c69ab099e3289d6
-
SSDEEP
3072:TFf1Oly4I34rutyAA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYcQ:TiI3QBgMqFl2cMlScQq192e+CfFRw
Static task
static1
Behavioral task
behavioral1
Sample
e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
711
194.110.203.100:32796
-
auth_value
24e3340d853c89cad1e25194559ee778
Targets
-
-
Target
e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
-
Size
234KB
-
MD5
ebe1870be2fa78527fec23e2100a051e
-
SHA1
eb593043f75a28dbd01f2d9e1298479a7e0b178d
-
SHA256
e4565b29f687b5bce49974fec485c8e9cb9b308ccd9ffc3e1abb8d9c6355cf30
-
SHA512
4bca49294680089a42d92098846cb11e211805a6593e36bb3d106aa1d6b546cfaa7e60cdec6751d3ef7ae3b3673c5a7de63c5ec709980d2b2c69ab099e3289d6
-
SSDEEP
3072:TFf1Oly4I34rutyAA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyYcQ:TiI3QBgMqFl2cMlScQq192e+CfFRw
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-