General
Target: 47b9539dd6a15ad82e29508575c1a43e3c4289d74e8471b5154919f93627d112
Size: 1.3MB
Sample: 221120-jmlcragd7x
MD5: 6764b2f15672781fba59a7cf7db9d273
SHA1: 07f2f7e0a47e897e677155a5b09cb8d902fd3ec4
SHA256: 47b9539dd6a15ad82e29508575c1a43e3c4289d74e8471b5154919f93627d112
SHA512: 98d0a7fac907be2c04b78221c1ff849f70f9ccb106888e532751b29bca4a242ea459730f2fc908b732d44aaed7e8513b2a96dbc62962b576226419bcc293334c
SSDEEP: 24576:po1Vu35TM6UL86X+1yxjP8oOAhgTAl7MgXLV:po1sGX86X0ujEowWQgXLV
Static task: static1
Behavioral task: behavioral1
Sample: 47b9539dd6a15ad82e29508575c1a43e3c4289d74e8471b5154919f93627d112.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: redline
Botnet: persom
C2: 79.137.194.32:5050
auth_value: ba733e57bfdf072b2e7e78efb4e4739b
Targets
Target: 47b9539dd6a15ad82e29508575c1a43e3c4289d74e8471b5154919f93627d112
(size and hashes identical to the General section above)
Score: 10/10
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (SetThreadContext is the API commonly used by process-injection and process-hollowing loaders to redirect a suspended thread into a payload written into another process; the report does not show which process was targeted)
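The report above yields three directly actionable indicators: the file hashes, the C2 endpoint 79.137.194.32:5050 and the botnet name. The following is an added example (my own code, not part of the sandbox report or the RedLine codebase) that turns those indicators into a Suricata rule, sweeps conn-log style records for sessions to the C2, and checks a file's hashes against the report. The log lines, the column layout, the rule SID and all function names are assumptions made for the example; the indicator values themselves are copied from the report.

```python
"""Added example: detection artifacts built from the RedLine report above.

Indicator values (C2, botnet, hashes) are taken from the report; the
sample log lines, column layout, rule SID and function names are assumed.
"""
import hashlib
import ipaddress

# Indicators copied from the report.
C2_HOST, C2_PORT = "79.137.194.32", 5050
BOTNET = "persom"
FILE_HASHES = {
    "md5": "6764b2f15672781fba59a7cf7db9d273",
    "sha1": "07f2f7e0a47e897e677155a5b09cb8d902fd3ec4",
    "sha256": "47b9539dd6a15ad82e29508575c1a43e3c4289d74e8471b5154919f93627d112",
}


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=9000001):
    """Build a Suricata rule for outbound TCP sessions to the C2.

    SID 9000001 is an assumed local-range identifier; pick one that does
    not collide with your ruleset.
    """
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine C2 ({BOTNET}) outbound"; '
        f'flow:to_server,established; sid:{sid}; rev:1;)'
    )


def find_c2_sessions(log_lines, host=C2_HOST, port=C2_PORT):
    """Return (src, sport) for each log record whose destination is the C2.

    Assumed column layout (whitespace separated):
        ts uid src sport dst dport proto
    Malformed lines are skipped rather than aborting the sweep.
    """
    target = ipaddress.ip_address(host)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        src, sport, dst, dport = fields[2], fields[3], fields[4], fields[5]
        try:
            if ipaddress.ip_address(dst) == target and int(dport) == port:
                hits.append((src, int(sport)))
        except ValueError:
            continue  # non-IP destination or non-numeric port
    return hits


def hashes_of(data: bytes):
    """Compute the same digests the report lists, for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def matches_report(data: bytes):
    """True only if every listed digest of `data` agrees with the report."""
    return hashes_of(data) == FILE_HASHES


# Constructed sample conn-log records (not real traffic): two sessions hit
# the C2 port, one hits the C2 host on a different port, one is unrelated DNS.
SAMPLE_CONN_LOG = [
    "1668950000.1 Cx1 10.0.0.12 49711 79.137.194.32 5050 tcp",
    "1668950001.2 Cx2 10.0.0.12 49712 8.8.8.8 53 udp",
    "1668950002.3 Cx3 10.0.0.20 49800 79.137.194.32 443 tcp",
    "1668950003.4 Cx4 10.0.0.31 50010 79.137.194.32 5050 tcp",
    "garbage line",
]

if __name__ == "__main__":
    print(suricata_rule())
    for src, sport in find_c2_sessions(SAMPLE_CONN_LOG):
        print(f"C2 session from {src}:{sport}")
    print("sample bytes match report:", matches_report(b"not the sample"))
```

The sweep matches on host and port together; the host alone is a weaker indicator because a shared server can legitimately serve other ports, and the port alone (5050) is far too common to alert on. Hash matching is exact-only and will miss a repacked variant, which is what the SSDEEP value in the report is for.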