General

- Target: 3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
- Size: 201KB
- Sample: 221201-xnwf1aah35
- MD5: b8d34a3cf4b96030c9c641c0603e155b
- SHA1: 2d6ac2d8b3708d0c7ba0597a090962f0064650a9
- SHA256: 3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
- SHA512: 3df4f9873cc31b50934b18e3e37c9b74e2004ce671306c58507b594958017eaf3034a6392f4e214fe528b770238c3b6df22fc4e662200d184c5922e0d3b1e251
- SSDEEP: 3072:BrEnPaejyHmxkHieLXgVMh07XnS/sJIDp0qQjU7hvhYTW/uAVRum6SAxtHxO:BYnPMGAiWXg3rSaIVgjUFiW/uvle

Static task: static1

Behavioral task: behavioral1

- Sample: 3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49.exe
- Resource: win10v2004-20221111-en

Malware Config

Extracted: redline

- @P1
- 193.106.191.138:32796
- auth_value: 54c79ce081122137049ee07c0a2f38ab

Targets

- Target: 3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
- Size: 201KB
- MD5: b8d34a3cf4b96030c9c641c0603e155b
- SHA1: 2d6ac2d8b3708d0c7ba0597a090962f0064650a9
- SHA256: 3d0c2431383b47b796ddf379eab25327b504e1b8c322febedbfcee928e36ef49
- SHA512: 3df4f9873cc31b50934b18e3e37c9b74e2004ce671306c58507b594958017eaf3034a6392f4e214fe528b770238c3b6df22fc4e662200d184c5922e0d3b1e251
- SSDEEP: 3072:BrEnPaejyHmxkHieLXgVMh07XnS/sJIDp0qQjU7hvhYTW/uAVRum6SAxtHxO:BYnPMGAiWXg3rSaIVgjUFiW/uvle

Score: 10/10

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext