General
-
Target
12fecaa8354a6cbec4bef7ad816eae82.exe
-
Size
657KB
-
Sample
221129-ryj8tshc39
-
MD5
12fecaa8354a6cbec4bef7ad816eae82
-
SHA1
7934b0b182486e1cca91c4379c30aea7d4ffd201
-
SHA256
b4846229dae345fd0ad046961062d0726f405d86f060e4f46a273ecd5e46a99d
-
SHA512
a208c7f271ab35228d74d53a0d83c943ca2277b481d2ffbc58216d8d4b4dd36869c58e63e8627f2c9589bfc27ad12a9a2ab450b759bb7af0d337d2879a2264cb
-
SSDEEP
12288:usSFJ3Be7oXzm4pptjeVSyy5jiEiETsGeW39MX2w5DedLOhuRQrkKoNl+Lw:usSFVBe7oX96EiETsFWNMmvYxsrn
Malware Config
Extracted
redline
2127311316_99
soccerschoolio.xyz:3306
soccerschoolio.xyz:28786
-
auth_value
654002f2d977391c884dc1705cf12df4
Targets
-
-
Target
12fecaa8354a6cbec4bef7ad816eae82.exe
-
Size
657KB
-
MD5
12fecaa8354a6cbec4bef7ad816eae82
-
SHA1
7934b0b182486e1cca91c4379c30aea7d4ffd201
-
SHA256
b4846229dae345fd0ad046961062d0726f405d86f060e4f46a273ecd5e46a99d
-
SHA512
a208c7f271ab35228d74d53a0d83c943ca2277b481d2ffbc58216d8d4b4dd36869c58e63e8627f2c9589bfc27ad12a9a2ab450b759bb7af0d337d2879a2264cb
-
SSDEEP
12288:usSFJ3Be7oXzm4pptjeVSyy5jiEiETsGeW39MX2w5DedLOhuRQrkKoNl+Lw:usSFVBe7oX96EiETsFWNMmvYxsrn
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-