General
Target: driver.exe
Size: 2.5MB
Sample: 221129-w9c14shd6t
MD5: 3a3fa6e19b606f700fa5a0d238de8915
SHA1: 6211694e6cd50584f368b87f7c69bf2eda502c90
SHA256: 1fc42b8450c8ffb2c4189e3064cd08edf0ff3259e9ccbb635dde6ae0782eae1a
SHA512: 83c2c913f5147341c5334b05b207715e648b9778f1cd1a7af6888f714e7fe04585ba21cd9440a7a3e8c280c99acc8f8a397a400897ebae0fb0ecb60320eaf48b
SSDEEP: 24576:KxTo3fi6zSaHcsFV03AQgs5ehYWTnxoQ/D2+mpS/5sqR91ldaHQqenA4jBmkg1gU:IT22ZePnxogDP/5fF7aHGg0j0

Static task: static1
Behavioral task: behavioral1
Sample: driver.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
C2: 45.15.157.131:36457
auth_value: c3342eec6a24dd88f1e2d37af96605d8
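The hashes in General and the extracted config above are the actionable parts of this report. The script below is an added example, not Triage's code or anything shipped with the sample: it checks a blob against all four reported digests, flags Zeek conn.log rows whose responder is the RedLine C2 (checked positionally, so the same port on another host or the IP as originator is not a hit), and locates the auth_value in a memory region in both ASCII and UTF-16LE, since RedLine is a .NET binary and its strings sit in memory as UTF-16LE. The conn.log excerpt and the memory blob are constructed here for the example.

```python
"""IOC checks built from the RedLine report above (added example, not Triage's code)."""
import hashlib
import re

# Hashes and extracted config copied from the report.
REPORT_HASHES = {
    "md5": "3a3fa6e19b606f700fa5a0d238de8915",
    "sha1": "6211694e6cd50584f368b87f7c69bf2eda502c90",
    "sha256": "1fc42b8450c8ffb2c4189e3064cd08edf0ff3259e9ccbb635dde6ae0782eae1a",
    "sha512": "83c2c913f5147341c5334b05b207715e648b9778f1cd1a7af6888f714e7fe04585ba21cd9440a7a3e8c280c99acc8f8a397a400897ebae0fb0ecb60320eaf48b",
}
REDLINE_C2 = "45.15.157.131:36457"
REDLINE_AUTH_VALUE = "c3342eec6a24dd88f1e2d37af96605d8"


def file_digests(data: bytes) -> dict:
    """Compute every digest the report lists, so one read of the file covers all four."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matching_algorithms(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Return the algorithms under which `data` matches the reported sample.
    An empty list means the blob is not this sample (or the expected values are stale)."""
    digests = file_digests(data)
    return sorted(alg for alg, hexval in expected.items() if digests[alg] == hexval.lower())


def parse_c2(endpoint: str) -> tuple:
    """Split the 'host:port' form the report prints for the C2 into (host, port)."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


def c2_connections(zeek_conn_lines: list, endpoint: str = REDLINE_C2) -> list:
    """Flag Zeek conn.log rows whose responder is the RedLine C2.
    Columns are read positionally (ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto):
    the port on another host, or the C2 IP as originator, does not count as a beacon."""
    host, port = parse_c2(endpoint)
    hits = []
    for line in zeek_conn_lines:
        if line.startswith("#") or not line.strip():
            continue  # Zeek header/comment rows
        cols = line.rstrip("\n").split("\t")
        if len(cols) < 6:
            continue
        if cols[4] == host and cols[5] == str(port):
            hits.append({"ts": cols[0], "uid": cols[1], "orig_h": cols[2],
                         "resp_h": host, "resp_p": port})
    return hits


def find_auth_value(blob: bytes, auth_value: str = REDLINE_AUTH_VALUE) -> list:
    """Locate the extracted auth_value in a memory dump or unpacked blob.
    In a running .NET process the string is UTF-16LE; in a decoded config or on the
    wire it may be ASCII, so both encodings are searched and (offset, encoding) returned."""
    found = []
    for label, needle in (("ascii", auth_value.encode("ascii")),
                          ("utf-16le", auth_value.encode("utf-16-le"))):
        for m in re.finditer(re.escape(needle), blob):
            found.append((m.start(), label))
    return sorted(found)


# Constructed sample inputs: a conn.log excerpt and a fake memory region.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1669731000.1\tCabc1\t10.0.0.5\t49811\t45.15.157.131\t36457\ttcp",  # true beacon
    "1669731001.2\tCabc2\t10.0.0.5\t49812\t45.15.157.131\t443\ttcp",    # same host, other port
    "1669731002.3\tCabc3\t10.0.0.7\t36457\t93.184.216.34\t80\ttcp",     # port as source only
    "1669731003.4\tCabc4\t45.15.157.131\t36457\t10.0.0.9\t51000\ttcp",  # C2 IP as originator
]
SAMPLE_MEMORY = (b"\x00" * 16 + REDLINE_AUTH_VALUE.encode("utf-16-le") + b"\x00" * 8
                 + b"Authorization=" + REDLINE_AUTH_VALUE.encode("ascii") + b"\r\n")

if __name__ == "__main__":
    print("hash match:", matching_algorithms(b"not the real sample"))
    for hit in c2_connections(SAMPLE_CONN_LOG):
        print("C2 beacon:", hit)
    print("auth_value at:", find_auth_value(SAMPLE_MEMORY))
```

Run it against a real file by passing `open(path, "rb").read()` to `matching_algorithms`, and against a real conn.log by passing its lines to `c2_connections`; the positional column check assumes the default Zeek field order, so adjust the indices if your deployment reorders fields.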
Targets
Target: driver.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Uses the VBS compiler for execution (the .NET Visual Basic compiler, vbc.exe)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
Read together, the vbc.exe and SetThreadContext signatures are consistent with the stealer being injected into a spawned compiler process rather than running under its own image name, so when hunting, look for vbc.exe children of driver.exe and for the C2 connection originating from vbc.exe, not from driver.exe.