General
Target: file
Size: 221KB
Sample: 221128-nhbpzaed41
MD5: dcd335f21ba43a212fad9025bbd50693
SHA1: 159afbe29614eae88de9a6e395b8c7928fdb7b89
SHA256: 19170ac5df6426de2d0cc9527d8f6357076ceb23ccdaaae8d943e47c90b0595b
SHA512: 0c4791a57aeaba1eb34e933702ef1fb8724ea7741d40f51b0bad8b868173c6261c9792f48e238860d6355afe5ec9340f101954fb5f0b31ecfd24486f91dae709
SSDEEP: 3072:0KLJAJEj5rLIFQixos8FyBrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqM:06FrmfoDM7FUyf2AhZjwIND9
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20221111-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20220812-en)
Malware Config
Extracted family: redline
Botnet: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
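As an added example (not part of the sandbox report and not the analysis platform's own tooling), the script below turns the indicators above into checks a responder can run: it computes the same digest set the report lists for a file or byte string and compares it against the sample, and it scans Zeek conn.log-style lines for sessions to the extracted RedLine C2. The IOC values are copied from this report; the conn.log lines are constructed for illustration, and the column layout (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) is an assumption about the log format being scanned.

```python
"""Match the indicators from this RedLine report against file hashes and network logs."""
import hashlib
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report: the sample's digests and the extracted C2 endpoint.
SAMPLE_HASHES = {
    "md5": "dcd335f21ba43a212fad9025bbd50693",
    "sha1": "159afbe29614eae88de9a6e395b8c7928fdb7b89",
    "sha256": "19170ac5df6426de2d0cc9527d8f6357076ceb23ccdaaae8d943e47c90b0595b",
    "sha512": "0c4791a57aeaba1eb34e933702ef1fb8724ea7741d40f51b0bad8b868173c6261c9792f48e238860d6355afe5ec9340f101954fb5f0b31ecfd24486f91dae709",
}
C2_HOST, C2_PORT = "193.106.191.138", 32796

# Constructed Zeek conn.log excerpt (illustration only, not from the report). One session
# reaches the C2 IP:port, one reaches the same IP on a different port, one is unrelated.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1669650000.1\tCabc1\t10.0.0.5\t49712\t193.106.191.138\t32796\ttcp
1669650001.2\tCabc2\t10.0.0.5\t49713\t193.106.191.138\t443\ttcp
1669650002.3\tCabc3\t10.0.0.7\t49714\t93.184.216.34\t80\ttcp
"""


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digest set the report lists (lower-case hex) for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digest set for a file on disk, streamed so large files are not read at once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_known_sample(hashes: Dict[str, str]) -> bool:
    """True if any supplied digest matches the report's sample.

    Comparison is case-insensitive because tooling differs in hex casing, and any
    single algorithm is enough: a responder often only has one hash to hand.
    """
    return any(hashes.get(name, "").lower() == value for name, value in SAMPLE_HASHES.items())


def find_c2_connections(conn_lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (ts, id.orig_h, uid) for every session whose responder is the C2 IP:port.

    Comment lines (#fields, #types, ...) and short/malformed records are skipped.
    Matching on the port as well as the IP avoids flagging unrelated traffic to a host
    that may serve other tenants.
    """
    hits: List[Tuple[str, str, str]] = []
    c2_ip = ipaddress.ip_address(C2_HOST)
    for line in conn_lines:
        if not line or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        try:
            if ipaddress.ip_address(resp_h) == c2_ip and int(resp_p) == C2_PORT:
                hits.append((ts, orig_h, uid))
        except ValueError:
            continue  # malformed address or port field; not a match
    return hits


if __name__ == "__main__":
    # Hash a constructed blob (not the real sample) to show the comparison path.
    digests = hash_bytes(b"not the sample")
    print("known sample:", is_known_sample(digests))
    for ts, src, uid in find_c2_connections(SAMPLE_CONN_LOG.splitlines()):
        print(f"C2 session {uid} from {src} at {ts}")
```

To check a file pulled from a host, call `is_known_sample(hash_file(path))`; to sweep real Zeek output, pass `open("conn.log")` to `find_c2_connections`, which already ignores the header lines.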
Targets
Target: file
Size: 221KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the Visual Basic compiler (vbc.exe) as the host process for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext