General
-
Target
file.exe
-
Size
217KB
-
Sample
221123-ggvm5agc31
-
MD5
3ee2d2c044853c61e077deca7aaf46f8
-
SHA1
7c4eb1cfc50d8084bc4d4247e6d5b442f4b0dae1
-
SHA256
4268a707cdc42b0b2543831ff435c280efbab5dc7424bb519bc9a1f3ffaca9a0
-
SHA512
c0a11a8029938e1813cf4dc17b8024606e69049f33d0958ef25235ee68d67cc46b7b700091a41b4573eb8b7114694576aad804e9104565154a5e7c0330ddf788
-
SSDEEP
3072:JE4v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:JnvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@madboyza
193.106.191.138:32796
-
auth_value
9bfce7bfb110f8f53d96c7a32c655358
Targets
-
-
Target
file.exe
-
Size
217KB
-
MD5
3ee2d2c044853c61e077deca7aaf46f8
-
SHA1
7c4eb1cfc50d8084bc4d4247e6d5b442f4b0dae1
-
SHA256
4268a707cdc42b0b2543831ff435c280efbab5dc7424bb519bc9a1f3ffaca9a0
-
SHA512
c0a11a8029938e1813cf4dc17b8024606e69049f33d0958ef25235ee68d67cc46b7b700091a41b4573eb8b7114694576aad804e9104565154a5e7c0330ddf788
-
SSDEEP
3072:JE4v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:JnvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-