General
- Target: fa9fd2326463dbf70da032a4d6c59ca75d489cfab4d5a6a1cc58a66b4bccfb4e
- Size: 1.1MB
- Sample: 221126-2ajx9sdb7x
- MD5: 961a8e95c599c8c0b93a9be1a1595276
- SHA1: 2bc58c9b4174528ceb1c087b2132c027e59771b9
- SHA256: fa9fd2326463dbf70da032a4d6c59ca75d489cfab4d5a6a1cc58a66b4bccfb4e
- SHA512: 060d7863e1777d3252776f7a5de9fe273a1d55f9be21294c605f920bc6861300115a14430e53aca9d59c9c9b82a40212e282988c373a37dda9f549ea1280ce3e
- SSDEEP: 24576:kT6B4S0PQpkA6NQxbEbjKsHLR/t1YUMCrX01o4P7Mb:w6BNne6g/VMCrXWTQb
Static task: static1
Behavioral task: behavioral1
  Sample: fa9fd2326463dbf70da032a4d6c59ca75d489cfab4d5a6a1cc58a66b4bccfb4e.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: fa9fd2326463dbf70da032a4d6c59ca75d489cfab4d5a6a1cc58a66b4bccfb4e.exe
  Resource: win10-20220812-en
Malware Config
Extracted: redline
  Botnet: RAMSES
  C2: 77.73.134.54:19123
  auth_value: 3ba0ecb99f540fa197be387c2d886b1f
Extracted: redline
  Botnet: Main
  C2: 109.206.243.58:81
  auth_value: 8d4fa15b87cebd556cbb5208a3db0fdc
Targets
- Target: fa9fd2326463dbf70da032a4d6c59ca75d489cfab4d5a6a1cc58a66b4bccfb4e
- Score: 10/10
- Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext