General
-
Target
c296e11ddc734939a1b44be2deb19f69.exe
-
Size
245KB
-
Sample
221120-hqxphsbh33
-
MD5
c296e11ddc734939a1b44be2deb19f69
-
SHA1
f35d071156e81ffc48f6b953754bac20ef4fb318
-
SHA256
065cbf8a5650089f83b6187da6fe90741e5b8c9d645159c4c42480ac8734719b
-
SHA512
c893eeb405efa82543518b8f019c278e1f88e499da1e4fc9f1c714d182f03d1cd93e5f40adef69f41510f9292a6ed13ddcaa510c3c99001b4f204ba4baadd29e
-
SSDEEP
6144:qrNrKSzixoeEgMCtjLctzA1jqb7ZdGWDzkCuYqLB:wrKKiee1tjLctzA1jqb7ZdGWXNuYq
Malware Config
Extracted
redline
1
79.137.196.94:48705
-
auth_value
6a4b05ef943a0dd801fd01dfbb9eb717
Targets
-
-
Target
c296e11ddc734939a1b44be2deb19f69.exe
-
Size
245KB
-
MD5
c296e11ddc734939a1b44be2deb19f69
-
SHA1
f35d071156e81ffc48f6b953754bac20ef4fb318
-
SHA256
065cbf8a5650089f83b6187da6fe90741e5b8c9d645159c4c42480ac8734719b
-
SHA512
c893eeb405efa82543518b8f019c278e1f88e499da1e4fc9f1c714d182f03d1cd93e5f40adef69f41510f9292a6ed13ddcaa510c3c99001b4f204ba4baadd29e
-
SSDEEP
6144:qrNrKSzixoeEgMCtjLctzA1jqb7ZdGWDzkCuYqLB:wrKKiee1tjLctzA1jqb7ZdGWXNuYq
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-