General
-
Target
5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
-
Size
234KB
-
Sample
221116-nywp3sec7t
-
MD5
bbf813ba0ead26fad5ca73846aaac0cf
-
SHA1
c7cf1d788f354f205a898fc6481977d7f29a9fe7
-
SHA256
5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
-
SHA512
8f816eb442a250cd3dfa2d4573a617eafc92498d604ae10a69b8c848499412ccb9aca70fae504e89aa533917035af20a817830719a07e93a51bd92c7ec1d63c9
-
SSDEEP
3072:o6OIOpy4TM4rFdMyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedD1:oFTMQUgMqFl2cMlScQq192e+CfF1w
Static task
static1
Behavioral task
behavioral1
Sample
5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
711
194.110.203.100:32796
-
auth_value
24e3340d853c89cad1e25194559ee778
Targets
-
-
Target
5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
-
Size
234KB
-
MD5
bbf813ba0ead26fad5ca73846aaac0cf
-
SHA1
c7cf1d788f354f205a898fc6481977d7f29a9fe7
-
SHA256
5bb88e08c1a08871a99adce0f3ae6f34c855c460f0ac77437cb4c73235824ab7
-
SHA512
8f816eb442a250cd3dfa2d4573a617eafc92498d604ae10a69b8c848499412ccb9aca70fae504e89aa533917035af20a817830719a07e93a51bd92c7ec1d63c9
-
SSDEEP
3072:o6OIOpy4TM4rFdMyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedD1:oFTMQUgMqFl2cMlScQq192e+CfF1w
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-