General
Target: 90b902a384f7b3da868569a30cbebf140a895fcf028653dfbfb90f5fa6d0d21e.exe.vir
Size: 4.2MB
Sample: 221202-dkdbgagc68
MD5: 0893aeeca2f3b788f3281b40f432ea87
SHA1: ee329d6690fa9083926f47467c6f4b5699409247
SHA256: 458d2e1bc2bb46bd5610bf3faa5d48f3718ad72174d7da25c12ccdf8ff7e0570
SHA512: f524fc78f422782abd90daa549169ec7e65f162a249da794ab22884f66d39ca6955b8224f0e1432c290d562affff52f1e02cbac267ca7a74b1ec59b1540eece9
SSDEEP: 98304:S+W2tgj7eiP1+bzgJyM4sYXCl6fMX2hs/4Tq9KLz63g:SStgmq1og8AkC4fMlQ
Static task: static1
Behavioral task: behavioral1
Sample: 90b902a384f7b3da868569a30cbebf140a895fcf028653dfbfb90f5fa6d0d21e.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 90b902a384f7b3da868569a30cbebf140a895fcf028653dfbfb90f5fa6d0d21e.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: redline (pro)
79.137.199.206:45354
auth_value: e20e8d1492a37ff0cfab3cd3f6c60362
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext