General
Target: 4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
Size: 2.5MB
Sample: 221129-w5pt4sha3z
MD5: b8e86530db730cf4ab032fb4c297c629
SHA1: 9372007968cdf3e87e2aeeafc4dfb05732c88b45
SHA256: 4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
SHA512: 109d4ffc181a64cb9ef408ecbd7480813225ed3230809a51cf0dbe708f50edce9188db9b302107e6a06acc763f605c6de2601c3e9fd352cfe18f40a224dc61b4
SSDEEP: 24576:eRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkfvgNVuQ5G:Ujh3E7nVoYDv/3Dpffw0
Static task: static1
Behavioral task: behavioral1
Sample: 4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 4aed6abad2cfab24ec5f27c0f54ee5486a4b78159f1769db32c2421662584346
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext