General
Target: a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951
Size: 343KB
Sample: 221206-eyz8tshd63
MD5: b78af653a842b7b6c6c933a017e7a739
SHA1: cfb6d102f411e5d98b81c6a541d415eedd8c6117
SHA256: a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951
SHA512: afed350599526ecb11af07c44edffa555352b0d55ce70efd07e7b1b590c35ecce79ad0fd0da830f9a84e35f4c85e5f16cf1d08b082ca13708a7ffcdcec7a1bb5
SSDEEP: 3072:4d60Lv/51lTrToz86kRjpypcXmdy43rBClEPJ8fteIcFR/51e5BC3TXcne94rVLs:4d60jB1lnTXXmdy43rBBh7R/amTS6FhT
Static task: static1
Behavioral task: behavioral1
  Sample: a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951.exe
  Resource: win10-20220812-en
Malware Config
Extracted: redline
31.41.244.185:29803
auth_value: 175af2c72516994a3af8e3bbf9479608
Targets
Target: a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951 (hashes and size as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext