General
Target: e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31
Size: 138KB
Sample: 221205-rx2fqacg3x
MD5: 3b24474846677189dbf7f79e8389ddf1
SHA1: 3fe73bc04fb0ef5d4ab115e80b40fdc5a0d806c6
SHA256: 4536bda8f367fb61325c5a651f16064b118e70b8ef10b2a936862607fa06e7b0
SHA512: 00e5abee3bae27ff993fa82c5efd5f8bbc2abdb1663dfd59eeb43a041ed4daded2dc030f36a679eded82726bf1f79be3663745a412d651ce9b806470559bbd5f
SSDEEP: 3072:voq6m4T5A/pxXSAWp4PYOee/P2Y2iWkIVVku1cz5acs/qohfp6l:voq6m4T5qpNnWOTee/qU6Vku1yaf/qoI
Static task: static1
Behavioral task: behavioral1
  Sample: e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31
Size: 217KB
MD5: f9a3d6f2837cc1bed784a815ee6c9279
SHA1: 4efd65d9c20eecaa9e2d30de9f1ad26136a73711
SHA256: e85eb2e2678d8591cca5815b265a24c1578d115de282380c02a83c756b478a31
SHA512: 43b755099d781ee4998acfc9338fb95e7569c138765c0827a2b05a57c3c2a8e6bd6ff7fb2dbc33d3ba05f5e97f438087c6973b99b9e242be9c91c84ab093ad05
SSDEEP: 3072:eliReiFzW0qu7b4ee8fwmGzPMWxS+bsqLCX3knb95IcWdXCY9bTAIrFldT0cYxO:eliRewNveMwTDM4RVCkbSCY9f1b
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext