General
Target: 8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330
Size: 235KB
Sample: 221205-qvch5shd7v
MD5: 85938fbf341af7663ee5c0b2d4f828df
SHA1: bab30321241a8e2dff67b577f8b67d2858bf4848
SHA256: 8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330
SHA512: 3bd0961e4e2783676ddf407b006ed88d201981454ac0ef996ae022f4c5b746c015fda7f39bc347cce4a13e28839e8a9b59486292e636e33af7e1ce1472781c99
SSDEEP: 6144:3+lYNx0OWg5Kq+PwQoHp0DoK2KJSTfqrhmK:3+lYzXAeQR2KJqfqrhmK
Static task: static1
Behavioral task: behavioral1
Sample: 8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330.exe
Resource: win10-20220812-en
Malware Config (extracted from the sample)
Family: redline
Botnet/campaign ID: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330 (235KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload: the extracted configuration above identifies the payload as RedLine.
Uses the VBS compiler for execution: the sample launches the Visual Basic .NET compiler (vbc.exe, shipped with the .NET Framework), a binary that has no reason to run on a non-developer host and is a common injection target for this family.
Accesses cryptocurrency files/wallets, possible credential harvesting.
Suspicious use of SetThreadContext: rewriting another thread's context is the classic final step of process hollowing, so together with the vbc.exe launch this points to the stealer running inside a hollowed vbc.exe rather than in the dropped executable itself.
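To make the report's indicators usable, here is an added example (not part of the sandbox report or of any vendor's code) that turns the listed hashes and the extracted C2 into checks and runs them over a handful of constructed, Sysmon-style process-create and network-connect events. The `Event` structure and the sample events are invented for illustration; only the hash values and the C2 address come from the report. The vbc.exe rule flags the compiler starting with no source or response file on its command line, which is how a hollowed host process tends to look, and the network rule matches the exact IP:port pair from the extracted config.

```python
"""Checks derived from the sandbox report above (added example, not the
report's own tooling). Event format and sample events are constructed."""
import hashlib
import ipaddress
from dataclasses import dataclass

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "85938fbf341af7663ee5c0b2d4f828df",
    "sha1": "bab30321241a8e2dff67b577f8b67d2858bf4848",
    "sha256": "8e092e082c89da4e0d6026c062228f1c5c8c1cd4bc8931e2b1dafbad00ea8330",
}
C2 = "193.106.191.138:32796"


def parse_c2(value):
    """Split 'ip:port' and validate the IP; raises on malformed input."""
    host, _, port = value.rpartition(":")
    return str(ipaddress.ip_address(host)), int(port)


def hash_bytes(data):
    """Compute the same digests the report lists, for a local file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every listed digest matches; any mismatch means a
    different file (or a tampered report), not a partial match."""
    return hash_bytes(data) == REPORT_HASHES


@dataclass
class Event:
    event_id: int            # Sysmon numbering: 1 = process create, 3 = network connect
    image: str
    parent_image: str = ""
    command_line: str = ""
    dest_ip: str = ""
    dest_port: int = 0


def classify(events):
    """Return (event index, reason) hits mirroring the report's behaviours:
    vbc.exe started without anything to compile, and a connection to the C2."""
    c2_ip, c2_port = parse_c2(C2)
    hits = []
    for i, ev in enumerate(events):
        if ev.event_id == 1 and ev.image.lower().endswith("\\vbc.exe"):
            tokens = ev.command_line.lower().split()
            if not any(t.endswith((".vb", ".rsp")) or t.startswith("@") for t in tokens):
                hits.append((i, "vbc.exe started with no source or response file"))
        elif ev.event_id == 3 and (ev.dest_ip, ev.dest_port) == (c2_ip, c2_port):
            hits.append((i, f"connection to extracted RedLine C2 {C2}"))
    return hits


# Constructed sample events (hypothetical paths; not from the report).
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
          r"C:\Program Files\dotnet\MSBuild.exe", "csc.exe /noconfig @build.rsp"),
    Event(1, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          r"C:\Users\user\Downloads\dropper.exe", "vbc.exe"),
    Event(3, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          dest_ip="193.106.191.138", dest_port=32796),
    Event(3, r"C:\Program Files\Mozilla Firefox\firefox.exe",
          dest_ip="193.106.191.138", dest_port=443),
]

if __name__ == "__main__":
    for idx, reason in classify(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

The last sample event (the same IP on port 443) deliberately does not fire: the check matches the full IP:port pair from the config. On a real network you would usually also alert on the bare IP, since RedLine operators rotate ports on a single host, and pair it with the hash check against anything quarantined from the endpoint.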