General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.13511.10481.exe
-
Size
216KB
-
Sample
221129-t2hkhsfa73
-
MD5
c74ccbd892afa5e51f55c0681e32fe87
-
SHA1
5b88061045531a50c8780c3ec3c41ded97075f5d
-
SHA256
8edcb1fdae1982b1b32a07a3f5dfe00664e9cda1c63ea3fbd615b895f37b3bb5
-
SHA512
d8cbc85974fa193ba7ef5fd8c4c6fa6986363c9d943077adf2356d4b9c92a1f0aac56fb8d05d2ca221840f9a9f38b190ac80616747b3f0fdc603bf1c40767710
-
SSDEEP
3072:6hbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:xCxGNp7FUyf2AhZjwINut
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.13511.10481.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.13511.10481.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
-
auth_value
54c79ce081122137049ee07c0a2f38ab
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.13511.10481.exe
-
Size
216KB
-
MD5
c74ccbd892afa5e51f55c0681e32fe87
-
SHA1
5b88061045531a50c8780c3ec3c41ded97075f5d
-
SHA256
8edcb1fdae1982b1b32a07a3f5dfe00664e9cda1c63ea3fbd615b895f37b3bb5
-
SHA512
d8cbc85974fa193ba7ef5fd8c4c6fa6986363c9d943077adf2356d4b9c92a1f0aac56fb8d05d2ca221840f9a9f38b190ac80616747b3f0fdc603bf1c40767710
-
SSDEEP
3072:6hbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:xCxGNp7FUyf2AhZjwINut
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-