General
Target: 2e16dfb89abc59fd0989baad129963ac.exe
Size: 220KB
Sample: 221118-w8w3laff9y
MD5: 2e16dfb89abc59fd0989baad129963ac
SHA1: 7cf7730705d5d3fd270979e2c830372f7915ca0a
SHA256: 56647bb3df289fe03f38b8586855117dd86d59e5ab7baf2ae5944d896c7af42d
SHA512: 733d35eb2bac730c6ca214ef29a219490130f3db867a6b8715eb5d7630873b771f4bbb32ca5c9d488aaef222016bf3a0164983d4e8bde0ae389c1c4643141ce3
SSDEEP: 3072:6PkmUG2g4rt1eyMA/VkVt01U5yfFzqjVvi5+/IpJAcQqiB8nhx92eeZDyYc1H+/:L9VgQLDsZmFGVw+/I3AcQqF2eCC9+/
Static task: static1
Behavioral task: behavioral1
  Sample: 2e16dfb89abc59fd0989baad129963ac.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 2e16dfb89abc59fd0989baad129963ac.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: redline
Botnet: New1
C2: 89.23.96.39:44465
auth_value: da0f38445d4388aa8d9d8d856edbd407
Targets
Target: 2e16dfb89abc59fd0989baad129963ac.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext