General
-
Target
ac46e80b62d38e79c74286d279fa9b6d01838739de4a94fa3f83f52b809b5d57
-
Size
2.5MB
-
Sample
221129-xnxdasag9w
-
MD5
f053cf169c9fa242322b6e9b3378dda7
-
SHA1
a01a3890a88c2885a86642ec55e193a0ccef0f7c
-
SHA256
ac46e80b62d38e79c74286d279fa9b6d01838739de4a94fa3f83f52b809b5d57
-
SHA512
8b7f236d2fda948fb2ad21a4af2dfcfff7c941e0782442935686d3b0e22345767918a242316e5bc652cfe142f381b6039abb076db4001564e76f8829f0b6462a
-
SSDEEP
24576:nRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqk1vgdAVuQS:Rjh3E7nVoYDv/3Dpf1kAu
Static task
static1
Behavioral task
behavioral1
Sample
ac46e80b62d38e79c74286d279fa9b6d01838739de4a94fa3f83f52b809b5d57.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
-
auth_value
54c79ce081122137049ee07c0a2f38ab
Targets
-
-
Target
ac46e80b62d38e79c74286d279fa9b6d01838739de4a94fa3f83f52b809b5d57
-
Size
2.5MB
-
MD5
f053cf169c9fa242322b6e9b3378dda7
-
SHA1
a01a3890a88c2885a86642ec55e193a0ccef0f7c
-
SHA256
ac46e80b62d38e79c74286d279fa9b6d01838739de4a94fa3f83f52b809b5d57
-
SHA512
8b7f236d2fda948fb2ad21a4af2dfcfff7c941e0782442935686d3b0e22345767918a242316e5bc652cfe142f381b6039abb076db4001564e76f8829f0b6462a
-
SSDEEP
24576:nRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqk1vgdAVuQS:Rjh3E7nVoYDv/3Dpf1kAu
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-