General
- Target: b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98
- Size: 2.5MB
- Sample: 221129-wldyhafb6v
- MD5: 611e31ce10a647fa2e0387673fa63e2a
- SHA1: bd4d2bbc1d833064cc472d3f62f9d79208fbba41
- SHA256: b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98
- SHA512: 07026e9416520bc6e38ebe522622278126f17597905c7ea60dd9c07d595263a1c5fb3e569f1269b0bfc45b1c59dcacc5fa259556af0f759c830a9d037b53dc9b
- SSDEEP: 24576:2RjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkuvgLNVuQQ:8jh3E7nVoYDv/3DpfuQNk
Static task: static1
Behavioral task: behavioral1
Sample: b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
- auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Score 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext