General

Target: 1dd52c75748c1e8e6af96d4cb5168046.exe
Size: 294KB
Sample: 221129-lg2tnaae2w
MD5: 1dd52c75748c1e8e6af96d4cb5168046
SHA1: 3a2022c22a6980ae5e4f75fee4602dd77a3bd94d
SHA256: 1253507f5599aef807d0a86a542798b9215103cdf19ce2858b0731b73119e46d
SHA512: c91e4ee5ed2c60a6d0d8fd1db9215795ef795fb544e26c34ddb310de8630f1f358c886851191e1151f29a8bb16cd7f4c43d6ab7ab086a20249e253248bf86482
SSDEEP: 3072:BoMpv2c2ULIUR9wdBViYfHkJQyIyQkPhtWVEt9Jf6hvOedbbkaUiM+xlMPuKqhne:SU2uw9pe/qCf6hvOem+xl4uRZen
Static task: static1

Behavioral task: behavioral1
Sample: 1dd52c75748c1e8e6af96d4cb5168046.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 1dd52c75748c1e8e6af96d4cb5168046.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted family: redline
Botnet: 4
C2: 45.15.156.60:39908
auth_value: a78337a1d79bd33fe0a4c7afee93a6d0
Targets

Target: 1dd52c75748c1e8e6af96d4cb5168046.exe
Size: 294KB
Score: 10/10

Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext