General
-
Target
63c02bf79ba67e69dfb5b5f115986f8b.exe
-
Size
242KB
-
Sample
221124-tdl8ssea48
-
MD5
63c02bf79ba67e69dfb5b5f115986f8b
-
SHA1
0282d75ca0ef8167e1798ab5925bdddf604753c9
-
SHA256
84806d7ed59a57fce9b4bb07519d78f25edd45c5e56c5739a252f4b4b3c701e2
-
SHA512
0b2923317ef6cd3b034f61a22ad47ea95a4bf4de6c5f11a04a22a638f6c6de7c5d80dd844f6608de40a746c40f7a3e468d8daba26f7f81807e8c6b0b3844ebea
-
SSDEEP
6144:71gE5wi2UCeNWGa+nMzVWMNQErpV2IviDnye3sEuYq7Z:pgEaACe1a+nMzVWMNQErpV2IvQypEuYa
Static task
static1
Behavioral task
behavioral1
Sample
63c02bf79ba67e69dfb5b5f115986f8b.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
63c02bf79ba67e69dfb5b5f115986f8b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
37.220.87.2:27924
-
auth_value
e457de0f8e67971846447e9d0f415966
Targets
-
-
Target
63c02bf79ba67e69dfb5b5f115986f8b.exe
-
Size
242KB
-
MD5
63c02bf79ba67e69dfb5b5f115986f8b
-
SHA1
0282d75ca0ef8167e1798ab5925bdddf604753c9
-
SHA256
84806d7ed59a57fce9b4bb07519d78f25edd45c5e56c5739a252f4b4b3c701e2
-
SHA512
0b2923317ef6cd3b034f61a22ad47ea95a4bf4de6c5f11a04a22a638f6c6de7c5d80dd844f6608de40a746c40f7a3e468d8daba26f7f81807e8c6b0b3844ebea
-
SSDEEP
6144:71gE5wi2UCeNWGa+nMzVWMNQErpV2IviDnye3sEuYq7Z:pgEaACe1a+nMzVWMNQErpV2IvQypEuYa
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-