General
-
Target
56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
-
Size
217KB
-
Sample
221123-xnz47afe89
-
MD5
699569f236c62d07da81b3f45cd70164
-
SHA1
e04e78193cb0b4097c6a5c453f4aeb22056101cb
-
SHA256
56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
-
SHA512
3998f9b45b6b745abbe5494eb132fd7657e9123354318e95346ea480634d12abed5b6517b5bbcc70d6b5bda29bdeef864066519152a275e424d4a5173cabd298
-
SSDEEP
3072:h04v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:hXvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Static task
static1
Behavioral task
behavioral1
Sample
56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
@madboyza
193.106.191.138:32796
-
auth_value
9bfce7bfb110f8f53d96c7a32c655358
Targets
-
-
Target
56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
-
Size
217KB
-
MD5
699569f236c62d07da81b3f45cd70164
-
SHA1
e04e78193cb0b4097c6a5c453f4aeb22056101cb
-
SHA256
56ff6127dd5d3e5422abef1a013eb319cbd00a0bc8212991f4943bbf0f9c4c0e
-
SHA512
3998f9b45b6b745abbe5494eb132fd7657e9123354318e95346ea480634d12abed5b6517b5bbcc70d6b5bda29bdeef864066519152a275e424d4a5173cabd298
-
SSDEEP
3072:h04v790Lox+J4ETyre2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jwVS:hXvZ0Loqwe2xrjq6O4MJ4bM5Y4+cE
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-