General
Target: 466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10
Size: 234KB
Sample: 221116-q5d5qafc3w
MD5: cce8615f9e697a298760ab4843b960fd
SHA1: e814ec411a2fb2cfed2a491ecc04f874035e98fa
SHA256: 466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10
SHA512: 4d7d99d910b0fddcf40f4099260163172eb05fe66fdcfec5935989a3746da2f560e57a92be375f73325caca167d5c8e6a73b52acec1f6812cadd5f044269c11e
SSDEEP: 3072:fEPIO1y4Zn4rhuyJdBA/V0BV8lUkOnFXpnahpDI6RFlScQqiBAXgV0Bx92eedDys:f+ZnQ0gMqFl2cMlScQq192e+CfFBw
Static task: static1
Behavioral task: behavioral1
Sample: 466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10.exe
Resource: win10-20220812-en
Malware Config (extracted)
redline
711
194.110.203.100:32796
auth_value: 24e3340d853c89cad1e25194559ee778
Targets
Target: 466a20366f2f16813a26bdc6cce70a33d8c14bef069efbe24e0c028c9eb92c10 (same file and hashes as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext