General
-
Target
e248b14888fbc6dc6d2d8b354af8056f4c656a2955dbf08cfed674a74f91fbbd
-
Size
2.5MB
-
Sample
221129-yq1zyabd37
-
MD5
298447deb6528d36a966b1c42e1302d9
-
SHA1
d622280bf2c503e9ff99614dddd8751759756c38
-
SHA256
e248b14888fbc6dc6d2d8b354af8056f4c656a2955dbf08cfed674a74f91fbbd
-
SHA512
af9aaff1127c74a277c17e90e60fcdfefb98933aa312ddfd717d08e0706f7f18089e69714857bb25fc3a7bc57ed552efc1e53e5c3c16ac8a15bb36af19140e4d
-
SSDEEP
24576:BRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkLvgk7VuQl:fjh3E7nVoYDv/3DpfLz75
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
-
auth_value
54c79ce081122137049ee07c0a2f38ab
Targets
-
-
Target
e248b14888fbc6dc6d2d8b354af8056f4c656a2955dbf08cfed674a74f91fbbd
-
Size
2.5MB
-
MD5
298447deb6528d36a966b1c42e1302d9
-
SHA1
d622280bf2c503e9ff99614dddd8751759756c38
-
SHA256
e248b14888fbc6dc6d2d8b354af8056f4c656a2955dbf08cfed674a74f91fbbd
-
SHA512
af9aaff1127c74a277c17e90e60fcdfefb98933aa312ddfd717d08e0706f7f18089e69714857bb25fc3a7bc57ed552efc1e53e5c3c16ac8a15bb36af19140e4d
-
SSDEEP
24576:BRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkLvgk7VuQl:fjh3E7nVoYDv/3DpfLz75
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-