General
- Target: d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
- Size: 223KB
- Sample: 221125-b9gdbagb3x
- MD5: 7ef95a5768f32e8e63ed2ae3aa73ed8c
- SHA1: b62e504456e50e0c1ae512737aeb77b82aeabfae
- SHA256: d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
- SHA512: 7538e4a4f6b6968c7ba8f4e75c6d379094e5c3e8bcf7b53419d2939b5d1f52f286de07d08f0118d051ef8cfe36a0c548ee3363f1fc3cd86efd525f1f8d20c551
- SSDEEP: 3072:OfuIXBTScabTW7y/e2xRc0jqr76OlnA9DMpYU4KZe8JbJ3Yl6PR+cpY8jw5:OfuIRTScamce2xrjq6O4MJ4bM5Y4+cE
Static task: static1
Behavioral task: behavioral1
- Sample: d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- @madboyza
- 193.106.191.138:32796
- auth_value: 9bfce7bfb110f8f53d96c7a32c655358
Targets
- Target: d2c8dcc2be8b57046dc19d9f34b6d8b350920557311ef493a57ed5a6d9b234af
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext