General
Target: 48dfd169c5f2b8b83da0d7059f6b1f9da8834e2eaca7f049a610e6fdb2e14cc7
Size: 145KB
Sample: 221129-vj8vesgg24
MD5: 9fa14cb7ed5a9c672288aa922978e636
SHA1: ddd9103ffd2310cd84555bd308c8041ba849bc69
SHA256: 3e8c939497b679baad3796ebee1a976bd8958c680e221a99df744dd5dcf2cdaa
SHA512: e14fe51caf3dc57a447f0324cc9cf7a42ef8caf503644ffc7bedc2d4f89d702ee97c506bc8f2744c209f49b2bd7add53a46adae7c7f4292518550382180443c7
SSDEEP: 3072:lGT9Zq3qtTguLQBqhxhGvoRHP1qV/KVIvouZRb4CGSOkG60W2Ie8YcHTNM3jM:8U+guqA91eCivoc54Cv2gYcHxQM

Static task: static1

Behavioral task: behavioral1
Sample: 48dfd169c5f2b8b83da0d7059f6b1f9da8834e2eaca7f049a610e6fdb2e14cc7.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 48dfd169c5f2b8b83da0d7059f6b1f9da8834e2eaca7f049a610e6fdb2e14cc7.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: redline
Botnet: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
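The extracted config and file hashes above are the indicators an analyst actually consumes from this report. The following Python script is an added example, not part of the sandbox report and not the sample's code: it turns those indicators into checks a responder can run offline. The flow records and the memory-dump fragment are constructed for the example (the flow format is a simplified, tab-separated Zeek conn.log-like layout, an assumption rather than a real capture). The auth_value search looks for UTF-16LE as well as ASCII because RedLine is written in C# and the .NET runtime stores strings as UTF-16LE.

```python
import hashlib

# Indicators copied from the sandbox report above.
REDLINE_C2 = ("193.106.191.138", 32796)
REDLINE_AUTH_VALUE = "54c79ce081122137049ee07c0a2f38ab"
KNOWN_SHA256 = {
    "3e8c939497b679baad3796ebee1a976bd8958c680e221a99df744dd5dcf2cdaa",  # submitted file (General)
    "48dfd169c5f2b8b83da0d7059f6b1f9da8834e2eaca7f049a610e6fdb2e14cc7",  # analyzed target
}

# Constructed sample flow records (not from the report), in a simplified
# Zeek conn.log-like layout: ts, orig_h, resp_h, resp_p, proto, tab-separated.
SAMPLE_CONN_LOG = (
    "1669680001.1\t10.0.0.5\t142.250.74.78\t443\ttcp\n"
    "1669680002.4\t10.0.0.5\t193.106.191.138\t32796\ttcp\n"
    "1669680003.9\t10.0.0.7\t193.106.191.138\t443\ttcp\n"
    "1669680004.2\t10.0.0.5\t193.106.191.138\t32796\ttcp\n"
)

# Constructed memory-dump fragment (not from the report): the auth_value as a
# .NET UTF-16LE string and again as plain ASCII, separated by padding.
SAMPLE_BLOB = (
    b"\x00" * 16
    + REDLINE_AUTH_VALUE.encode("utf-16-le")
    + b"\x00" * 8
    + REDLINE_AUTH_VALUE.encode("ascii")
)


def parse_conn_log(conn_log):
    """Yield (ts, orig_h, resp_h, resp_p, proto) tuples, skipping blanks and comments."""
    for line in conn_log.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, resp_h, resp_p, proto = line.split("\t")
        yield ts, orig_h, resp_h, int(resp_p), proto


def find_c2_connections(conn_log, c2=REDLINE_C2):
    """Exact match on the configured C2 host:port. Returns [(ts, orig_h), ...]."""
    host, port = c2
    return [(ts, src) for ts, src, dst, dport, _ in parse_conn_log(conn_log)
            if dst == host and dport == port]


def find_c2_host_any_port(conn_log, c2_host=REDLINE_C2[0]):
    """Looser match on the C2 host alone, for when the operator rotates ports.
    Returns [(ts, orig_h, resp_p), ...]; expect more noise than the exact match."""
    return [(ts, src, dport) for ts, src, dst, dport, _ in parse_conn_log(conn_log)
            if dst == c2_host]


def is_known_sample(data):
    """True if the SHA-256 of data matches a hash listed in the report."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


def find_auth_value(blob, auth_value=REDLINE_AUTH_VALUE):
    """Locate the RedLine auth_value in a dump or file, as UTF-16LE (how the
    C# runtime stores strings) and as ASCII. Returns sorted (offset, encoding)."""
    hits = []
    for enc in ("utf-16-le", "ascii"):
        needle = auth_value.encode(enc)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = blob.find(needle, pos + 1)
    return sorted(hits)


if __name__ == "__main__":
    for ts, src in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{ts}: {src} -> {REDLINE_C2[0]}:{REDLINE_C2[1]} (RedLine C2)")
    print("host-only hits:", find_c2_host_any_port(SAMPLE_CONN_LOG))
    print("auth_value offsets:", find_auth_value(SAMPLE_BLOB))
    print("known sample:", is_known_sample(b"not the sample"))
```

The exact host:port match is the high-confidence signal; the host-only match is worth running separately because RedLine operators commonly change the listening port while keeping the server, and the extra hit on port 443 in the constructed data shows the kind of lead that needs manual confirmation rather than an automatic verdict. The auth_value search is a cheap way to tie a memory dump or a dropped file back to this specific build when hashes no longer match.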
Targets
Target: 48dfd169c5f2b8b83da0d7059f6b1f9da8834e2eaca7f049a610e6fdb2e14cc7
Size: 216KB
MD5: 5cc4876db7693825c82beeb5bacf4592
SHA1: 8caeeede8be15bbcd3c45ea63b93cedbf07d7ef6
SHA256: 48dfd169c5f2b8b83da0d7059f6b1f9da8834e2eaca7f049a610e6fdb2e14cc7
SHA512: 779cf79ba5b49f454a4ec74157e841496dab0fc27efa5b5bd7d52b1457c0a65c4642e7ca4ed6a59744b18835e49639ab88ed52f2fae32ad6bc0d8b66b18a015e
SSDEEP: 3072:qhbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:hCxGNp7FUyf2AhZjwINut
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext