General
Target: 7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
Size: 235KB
Sample: 221205-p9djbaff4s
MD5: 438ab147d113c399fa21fdd19805db80
SHA1: 234346952d0ea8cb6dbc9247d8bfdfae9126142f
SHA256: 7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
SHA512: 6eca9d064b142715071ad9c36756af81c6dcef14a485835fb52be0388781c83fd815cadc13f8519fcca04220fcc34962147860619a7692ef4baf29260d6606cc
SSDEEP: 6144:P+lYNxiOWg5Kq+PwQoHp0DoK2KJSTfqrhm1:P+lYztAeQR2KJqfqrhm1
Static task: static1
Behavioral task: behavioral1
Sample: 7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
Botnet: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
Size: 235KB
MD5: 438ab147d113c399fa21fdd19805db80
SHA1: 234346952d0ea8cb6dbc9247d8bfdfae9126142f
SHA256: 7a836d9d00e7012b86b678cebea7239239bf173ae38984088dbebe4fd93131e7
SHA512: 6eca9d064b142715071ad9c36756af81c6dcef14a485835fb52be0388781c83fd815cadc13f8519fcca04220fcc34962147860619a7692ef4baf29260d6606cc
SSDEEP: 6144:P+lYNxiOWg5Kq+PwQoHp0DoK2KJSTfqrhm1:P+lYztAeQR2KJqfqrhm1
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext