General
-
Target
file.exe
-
Size
7.9MB
-
Sample
221204-ymhzysef5w
-
MD5
63cc611c54ebf90806061d94dfb7e1a8
-
SHA1
d70382bb56bdf63ff19ac01c8c25800467198938
-
SHA256
701e71b008f60ce7169b9ca046cf12ed79ff47942ac2443eeab1751b3f169fca
-
SHA512
f3aa77a78dcf295fc259cffbd31625c3f0deb2a270a94a4bd6a6da4922201a4d30c304a15e6703f5a61ad49390060d54e68210cb2431c497738bc44572909a9f
-
SSDEEP
49152:WLJq4qjSk3nx+bnFOlsdBg/0C8vJrdw9ZoEan:WLJq4qjSk3nx+bnp4/+vEan
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
Install
manddarinn.art:81
-
auth_value
f9affed97251c08e7a096257ba9edfb2
Targets
-
-
Target
file.exe
-
Size
7.9MB
-
MD5
63cc611c54ebf90806061d94dfb7e1a8
-
SHA1
d70382bb56bdf63ff19ac01c8c25800467198938
-
SHA256
701e71b008f60ce7169b9ca046cf12ed79ff47942ac2443eeab1751b3f169fca
-
SHA512
f3aa77a78dcf295fc259cffbd31625c3f0deb2a270a94a4bd6a6da4922201a4d30c304a15e6703f5a61ad49390060d54e68210cb2431c497738bc44572909a9f
-
SSDEEP
49152:WLJq4qjSk3nx+bnFOlsdBg/0C8vJrdw9ZoEan:WLJq4qjSk3nx+bnp4/+vEan
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-