General
-
Target
7b41efd3d4c6320c2468e00bc9da08456786bb9cce27abf95e7e9f537636999d
-
Size
239KB
-
Sample
221205-vw1dtaac68
-
MD5
ce4644e8eeef08e813d31ffd5b80d308
-
SHA1
e4491036ffb9c5a439455bb341063f41bd9f2b6b
-
SHA256
7b41efd3d4c6320c2468e00bc9da08456786bb9cce27abf95e7e9f537636999d
-
SHA512
fd3a5728093618edee3d643857fffdfb5c5a4168cdd4c258d688d164bf297cf0b5a2488feb9e0b09d89643e56bf4f8b47fed9fa109fecde1eb0accede852b7e8
-
SSDEEP
3072:2x+Kgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcUmAxO:2x+KgWg5Kq+PwQoHp0DoK2KJSTfqrhmo
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
-
auth_value
54c79ce081122137049ee07c0a2f38ab
Targets
-
-
Target
7b41efd3d4c6320c2468e00bc9da08456786bb9cce27abf95e7e9f537636999d
-
Size
239KB
-
MD5
ce4644e8eeef08e813d31ffd5b80d308
-
SHA1
e4491036ffb9c5a439455bb341063f41bd9f2b6b
-
SHA256
7b41efd3d4c6320c2468e00bc9da08456786bb9cce27abf95e7e9f537636999d
-
SHA512
fd3a5728093618edee3d643857fffdfb5c5a4168cdd4c258d688d164bf297cf0b5a2488feb9e0b09d89643e56bf4f8b47fed9fa109fecde1eb0accede852b7e8
-
SSDEEP
3072:2x+Kgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcUmAxO:2x+KgWg5Kq+PwQoHp0DoK2KJSTfqrhmo
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-