General
Target: 3cad311b263de264a8f9bebcbc0dac314c0dba23d36b47842d049a88a587dd64
Size: 235KB
Sample: 221205-rhmc9abe3v
MD5: c20682d40cfac359b5d2ef04abbe6c48
SHA1: 87cc2248f1a949255ff9d4abdc962527bbe62458
SHA256: 3cad311b263de264a8f9bebcbc0dac314c0dba23d36b47842d049a88a587dd64
SHA512: e1977a2d2e39e6be810cfec79bb910f5ae12d7c7f9f5912a237337e0099f6cd4a48a60588cc8be2401b95d82e6712ee7ca935fcb085996b5be63b217c1b3f8f5
SSDEEP: 6144:P+lYNxKOWg5Kq+PwQoHp0DoK2KJSTfqrhmK:P+lYzVAeQR2KJqfqrhmK
Static task: static1
Behavioral task: behavioral1
Sample: 3cad311b263de264a8f9bebcbc0dac314c0dba23d36b47842d049a88a587dd64.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext