General
-
Target
66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
-
Size
234KB
-
Sample
221115-xpql5sfd23
-
MD5
ca8c41e754da35b3fb102241a51a589b
-
SHA1
586e33407629b6b05a0d7ab74315bf69c4474357
-
SHA256
66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
-
SHA512
be3323dda43fa152e3f6f9f31339ce31cc0aa394cce399133c66fb9337553815bc925f24d0b9b3c2ea5a6ecff6ab70b15ed9dbaca05f3c68c5bac4d50025d425
-
SSDEEP
3072:WUPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:WOZnQ0gMqFl2cMlScQq192e+CfFBw
Static task
static1
Behavioral task
behavioral1
Sample
66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
711
194.110.203.100:32796
-
auth_value
24e3340d853c89cad1e25194559ee778
Targets
-
-
Target
66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
-
Size
234KB
-
MD5
ca8c41e754da35b3fb102241a51a589b
-
SHA1
586e33407629b6b05a0d7ab74315bf69c4474357
-
SHA256
66e5ee4dc63782ca8306c0958e643003b6a527ea0766a3b73764fddf94fa247f
-
SHA512
be3323dda43fa152e3f6f9f31339ce31cc0aa394cce399133c66fb9337553815bc925f24d0b9b3c2ea5a6ecff6ab70b15ed9dbaca05f3c68c5bac4d50025d425
-
SSDEEP
3072:WUPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:WOZnQ0gMqFl2cMlScQq192e+CfFBw
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-