General
-
Target
file.exe
-
Size
209KB
-
Sample
221126-wpqrgadc65
-
MD5
4f6f1e21166488e9c7e1b395051bbd9d
-
SHA1
74e4378d17d36bbaffabb024e50e57be735d8b32
-
SHA256
538b97821cb7545514296decdcfe474717ce95648c4260da497bfd233aa99ffc
-
SHA512
24e0f9aa61d35b754d1fe26a4a4a44da657f196d7662f6d2cc26ae7f24d44a80d47de8d202d20c32c67d176ffc2a783805564a81ee7e5efabd5537ebd1aceb84
-
SSDEEP
3072:Pz0Rj65siQRWyvWY0tKtC+m/7izn19CagF/aBQf9bSlx8uqCUM0MbtWuu9xGEFV:Pzw6CiQIY04Ev/7iYVJ9bevUM0EfEd
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
newlogs
77.73.133.70:38819
-
auth_value
05a73a1692c3aebb2a26f1a593237a77
Targets
-
-
Target
file.exe
-
Size
209KB
-
MD5
4f6f1e21166488e9c7e1b395051bbd9d
-
SHA1
74e4378d17d36bbaffabb024e50e57be735d8b32
-
SHA256
538b97821cb7545514296decdcfe474717ce95648c4260da497bfd233aa99ffc
-
SHA512
24e0f9aa61d35b754d1fe26a4a4a44da657f196d7662f6d2cc26ae7f24d44a80d47de8d202d20c32c67d176ffc2a783805564a81ee7e5efabd5537ebd1aceb84
-
SSDEEP
3072:Pz0Rj65siQRWyvWY0tKtC+m/7izn19CagF/aBQf9bSlx8uqCUM0MbtWuu9xGEFV:Pzw6CiQIY04Ev/7iYVJ9bevUM0EfEd
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-