General
-
Target
6ca29843451682718a8cc03462bbd544.exe
-
Size
234KB
-
Sample
221130-kv1m3seg32
-
MD5
6ca29843451682718a8cc03462bbd544
-
SHA1
171b9c59f22abfc36827dfd635727db965bcb80b
-
SHA256
e77cc2db76d740d0e6cb865deb50ac9511f614a96c7f8636c2b68ab3ecdb4f98
-
SHA512
ae179e42115f0acc1c6430b80c8f9291c8902c790a6e71e3686f065826b48e39d9e9fc5911ad84106922decb3175770e0b5a786d79e9a22c82889060bf00c3a7
-
SSDEEP
3072:p16Glo1kYieIFQzANlIuDo5vtmcx5PXrbG1YmK4giOxTYz2nD5C5poKQRRd8/vXn:TlxNxGvt//PXrbpmtSTYkt9ovPoqgM
Malware Config
Extracted
redline
1
95.217.102.105:33508
-
auth_value
d1ba4561de5eb84044e2061ff7d1423c
Targets
-
-
Target
6ca29843451682718a8cc03462bbd544.exe
-
Size
234KB
-
MD5
6ca29843451682718a8cc03462bbd544
-
SHA1
171b9c59f22abfc36827dfd635727db965bcb80b
-
SHA256
e77cc2db76d740d0e6cb865deb50ac9511f614a96c7f8636c2b68ab3ecdb4f98
-
SHA512
ae179e42115f0acc1c6430b80c8f9291c8902c790a6e71e3686f065826b48e39d9e9fc5911ad84106922decb3175770e0b5a786d79e9a22c82889060bf00c3a7
-
SSDEEP
3072:p16Glo1kYieIFQzANlIuDo5vtmcx5PXrbG1YmK4giOxTYz2nD5C5poKQRRd8/vXn:TlxNxGvt//PXrbpmtSTYkt9ovPoqgM
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-