General
Target: file.exe
Size: 217KB
Sample: 221123-p4l89sga4w
MD5: 616c54f3b83f8b8a31dd178a7a3af481
SHA1: d87a02d136b36435283d7fa3b3b41b1b97088e4e
SHA256: 42cf041d4d3d613c8cb9fdef4d97ae376ba6aedee91334d7ba90cac8e406a915
SHA512: 0121ac16f7191e17ec2494cb63056831012b60e19a7dcc79100b464ebd9f59edbf49e459ebbec8ff44e35a649ac66dee90db0f90469304f129a8e560b8fd9842
SSDEEP: 3072:L84v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:LfvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Tasks
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20221111-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20220901-en)
Malware Config (extracted)
Family: redline
Botnet: @madboyza
C2: 193.106.191.138:32796
auth_value: 9bfce7bfb110f8f53d96c7a32c655358
Targets
Target: file.exe (217KB; hashes as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is a credential and data stealer sold as malware-as-a-service; the extracted config above (botnet tag, C2 address and auth_value) is what the sample uses to identify itself to its operator.
Signatures:
- RedLine payload
- Uses the VBS compiler for execution (the sandbox's name for launching vbc.exe, the .NET Visual Basic compiler that ships with the .NET Framework; a stealer has no reason to compile anything, so this is typically a host process for the real payload)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (SetThreadContext is a legitimate debugger API; a sample calling it on a thread of a child process it just created is a common process-injection primitive, so the sandbox flags it as suspicious rather than as proof on its own)
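Below is an added example, not part of the sandbox report, that turns the indicators above (the file hashes, the extracted C2 `193.106.191.138:32796`, and the vbc.exe launch signature) into an offline triage check. It runs over Sysmon-style process-creation and network-connection events constructed inline for illustration; the field names (`image`, `parent_image`, `dst_ip`, `dst_port`) and the list of parents for which vbc.exe is considered expected are assumptions, not anything the report states. The SetThreadContext signature needs API-level telemetry that process and network events do not carry, so it is not covered here.

```python
"""Triage check built from the RedLine report indicators (added example).

Assumes Sysmon-like events as plain dicts; all sample data below is constructed.
"""
import hashlib
from typing import Dict, Iterable, List

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "616c54f3b83f8b8a31dd178a7a3af481",
    "sha1": "d87a02d136b36435283d7fa3b3b41b1b97088e4e",
    "sha256": "42cf041d4d3d613c8cb9fdef4d97ae376ba6aedee91334d7ba90cac8e406a915",
}
C2_HOST, C2_PORT = "193.106.191.138", 32796

# Parents under which vbc.exe is expected (build tooling). Assumption: tune per environment.
EXPECTED_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe", "vbc.exe"}


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digests the report lists, so a file can be compared to it."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding report hash."""
    digests = hash_file_bytes(data)
    return any(digests[k] == v for k, v in SAMPLE_HASHES.items())


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_events(events: Iterable[dict]) -> List[str]:
    """Return human-readable findings for events matching the report's behaviour.

    Two checks: vbc.exe started by something other than build tooling (the
    "Uses the VBS compiler for execution" signature), and any connection to the
    extracted C2 endpoint.
    """
    findings: List[str] = []
    for ev in events:
        kind = ev.get("event")
        if kind == "process_create":
            image, parent = basename(ev["image"]), basename(ev["parent_image"])
            if image == "vbc.exe" and parent not in EXPECTED_VBC_PARENTS:
                findings.append(
                    f"vbc.exe spawned by {parent} (pid {ev['pid']}): unexpected parent, "
                    "possible injection host"
                )
        elif kind == "network_connect":
            if ev["dst_ip"] == C2_HOST and int(ev["dst_port"]) == C2_PORT:
                findings.append(
                    f"{basename(ev['image'])} (pid {ev['pid']}) connected to RedLine C2 "
                    f"{C2_HOST}:{C2_PORT}"
                )
    return findings


# Constructed events (not real telemetry) mirroring the report's signatures.
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 4120,
     "image": r"C:\Users\victim\Downloads\file.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "process_create", "pid": 4188, "image": VBC,
     "parent_image": r"C:\Users\victim\Downloads\file.exe"},
    {"event": "process_create", "pid": 5000, "image": VBC,
     "parent_image": r"C:\Program Files\MSBuild\MSBuild.exe"},  # benign build
    {"event": "network_connect", "pid": 4188, "image": VBC,
     "dst_ip": "193.106.191.138", "dst_port": 32796},
    {"event": "network_connect", "pid": 4188, "image": VBC,
     "dst_ip": "1.1.1.1", "dst_port": 443},  # unrelated traffic
]

if __name__ == "__main__":
    for line in triage_events(SAMPLE_EVENTS):
        print(line)
```

Run against the constructed events, the check reports the vbc.exe launched by file.exe and the connection from that vbc.exe to the C2, and stays silent for the MSBuild-spawned compiler and the unrelated connection. The hash helpers let the same script confirm whether a file on disk is this sample before the behavioural checks are needed at all.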