General
-
Target
4d9ca052a45d3b3cf3f995c5e070532f38c8c6f8817b8f008b7820b5d25152a4
-
Size
1.2MB
-
Sample
221118-ebw8nace3w
-
MD5
49128d358b90e7110e9f792e247d1db2
-
SHA1
da15de46c60bafa8493f3ebf65c6455230c0f7fb
-
SHA256
4d9ca052a45d3b3cf3f995c5e070532f38c8c6f8817b8f008b7820b5d25152a4
-
SHA512
1f524959ef6788adf7da27c2fc847d15b404e740d56f9e92f388e23070f6bb0c8881c08e114590a966d4a0240368bd9dbd423318eac86935845fa85def0bfce4
-
SSDEEP
24576:AyTsIIQSREBz3op/xkIQKHmQGtaduEKq4:AyHSRLxkhVQGyhKq
Static task
static1
Behavioral task
behavioral1
Sample
4d9ca052a45d3b3cf3f995c5e070532f38c8c6f8817b8f008b7820b5d25152a4.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4d9ca052a45d3b3cf3f995c5e070532f38c8c6f8817b8f008b7820b5d25152a4.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
RAMSES
77.73.134.54:19123
-
auth_value
3ba0ecb99f540fa197be387c2d886b1f
Targets
-
-
Target
4d9ca052a45d3b3cf3f995c5e070532f38c8c6f8817b8f008b7820b5d25152a4
-
Size
1.2MB
-
MD5
49128d358b90e7110e9f792e247d1db2
-
SHA1
da15de46c60bafa8493f3ebf65c6455230c0f7fb
-
SHA256
4d9ca052a45d3b3cf3f995c5e070532f38c8c6f8817b8f008b7820b5d25152a4
-
SHA512
1f524959ef6788adf7da27c2fc847d15b404e740d56f9e92f388e23070f6bb0c8881c08e114590a966d4a0240368bd9dbd423318eac86935845fa85def0bfce4
-
SSDEEP
24576:AyTsIIQSREBz3op/xkIQKHmQGtaduEKq4:AyHSRLxkhVQGyhKq
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-