General
Target: 8faa33eafda749dc53500cdc586ce56af8f221d4e6ee389f59b2cde44090990c
Size: 235KB
Sample: 221205-sg352sec7z
MD5: f4e584d3464eeccfbcd2ace54bafd89f
SHA1: 5a799bbda18a7ceeea442088115cc6017478e923
SHA256: 8faa33eafda749dc53500cdc586ce56af8f221d4e6ee389f59b2cde44090990c
SHA512: 6dddc08610b7f16f2593f012c81717f276e9a827fb58f056b9c6b19b2c5dfbf0def5274bc05246b01a055348085ac0359e8d692e61bea0ae7f44083ddaa19afd
SSDEEP: 6144:A+lYNxUOWg5Kq+PwQoHp0DoK2KJSTfqrhmJ:A+lYz3AeQR2KJqfqrhmJ

Static task: static1
Behavioral task: behavioral1
Sample: 8faa33eafda749dc53500cdc586ce56af8f221d4e6ee389f59b2cde44090990c.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 8faa33eafda749dc53500cdc586ce56af8f221d4e6ee389f59b2cde44090990c
Size: 235KB
MD5: f4e584d3464eeccfbcd2ace54bafd89f
SHA1: 5a799bbda18a7ceeea442088115cc6017478e923
SHA256: 8faa33eafda749dc53500cdc586ce56af8f221d4e6ee389f59b2cde44090990c
SHA512: 6dddc08610b7f16f2593f012c81717f276e9a827fb58f056b9c6b19b2c5dfbf0def5274bc05246b01a055348085ac0359e8d692e61bea0ae7f44083ddaa19afd
SSDEEP: 6144:A+lYNxUOWg5Kq+PwQoHp0DoK2KJSTfqrhmJ:A+lYz3AeQR2KJqfqrhmJ
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext