General
Target: 36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
Size: 149KB
Sample: 221127-jrz2psef4v
MD5: 1084866d0af1783c18ba3366a4cce613
SHA1: 61c8d2948ba4acaf0c7a49acaf896096d2592ae8
SHA256: 36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
SHA512: c0f7eb52ce67bc23c7417f33d568cc5be560c9947a0ee3f33840e62350dd232c0a6c37d7c1d0a222524c0275916eceecd0136ef44b0a650ae94ecdf84c9dd4a9
SSDEEP: 3072:yxai1itkN1B5waJyJFsHuF5ytw/VFo7NLaMpu:ptkN+SyJFsHu3ytw/VENWM4
Static task: static1
Malware Config
Extracted: redline
newlogs
77.73.133.70:38819
auth_value: 05a73a1692c3aebb2a26f1a593237a77
Extracted: redline
KRIPT
212.8.246.157:32348
auth_value: 80ebe4bab7a98a7ce9c75989ff9f40b4
Targets
Target: 36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
Size: 149KB
MD5: 1084866d0af1783c18ba3366a4cce613
SHA1: 61c8d2948ba4acaf0c7a49acaf896096d2592ae8
SHA256: 36d71feca4c06834bff8498611e8efa142d25e19de498ee3994ce78e0baa836a
SHA512: c0f7eb52ce67bc23c7417f33d568cc5be560c9947a0ee3f33840e62350dd232c0a6c37d7c1d0a222524c0275916eceecd0136ef44b0a650ae94ecdf84c9dd4a9
SSDEEP: 3072:yxai1itkN1B5waJyJFsHuF5ytw/VFo7NLaMpu:ptkN+SyJFsHu3ytw/VENWM4
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext