General
Target: 0bcc59d56201562263433589309e14a62e83c1ca96c36a5747eb7c2821ef9c65
Size: 216KB
Sample: 221129-qr1fssff9z
MD5: 89068404bdfa71d6593bc82acb6330a1
SHA1: d4ddc3377212e368f4796dfdf6e2241a4fc30c09
SHA256: 0bcc59d56201562263433589309e14a62e83c1ca96c36a5747eb7c2821ef9c65
SHA512: 097d99e47e26d85949c0a298b54b745356397f955bbee9c27515a2dfbac0c3b3095676082b17528288f14bc57109ec74455266c21c18b5bc0b1e436be0576311
SSDEEP: 3072:shbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:XCxGNp7FUyf2AhZjwINut
Static task: static1
Behavioral task: behavioral1
Sample: 0bcc59d56201562263433589309e14a62e83c1ca96c36a5747eb7c2821ef9c65.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 0bcc59d56201562263433589309e14a62e83c1ca96c36a5747eb7c2821ef9c65 (size and hashes as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext