General
-
Target
file.exe
-
Size
234KB
-
Sample
221116-a2b8yscd91
-
MD5
3a7e04fb0a2ca2840f55e592ddd7c431
-
SHA1
3b4bf9185d84d23ab7c2643656e25dd09f136ae3
-
SHA256
e6d302a4849a5b211fb5351a4ed83bb2c337ad21bc78dbc7fe64482eea22edd6
-
SHA512
c755067233429b4220bc232c07555133d997de6e0011912bf6abf5cef53ab17c6c68855970b08d14427c14b0302b6341399594d8043dd7f5c9cd9766ef8a8b5f
-
SSDEEP
3072:ml/9OFy4kX4rRFyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyc:mukXQ1gMqFl2cMlScQq192e+CfFxw
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
711
194.110.203.100:32796
-
auth_value
24e3340d853c89cad1e25194559ee778
Targets
-
-
Target
file.exe
-
Size
234KB
-
MD5
3a7e04fb0a2ca2840f55e592ddd7c431
-
SHA1
3b4bf9185d84d23ab7c2643656e25dd09f136ae3
-
SHA256
e6d302a4849a5b211fb5351a4ed83bb2c337ad21bc78dbc7fe64482eea22edd6
-
SHA512
c755067233429b4220bc232c07555133d997de6e0011912bf6abf5cef53ab17c6c68855970b08d14427c14b0302b6341399594d8043dd7f5c9cd9766ef8a8b5f
-
SSDEEP
3072:ml/9OFy4kX4rRFyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDyc:mukXQ1gMqFl2cMlScQq192e+CfFxw
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-