General
-
Target
a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
-
Size
2.8MB
-
Sample
221206-ff6tbshe32
-
MD5
31a9a8c6d1d79fc6afdd9a5c991188f1
-
SHA1
d294e06685c76d32338585564ebe9c4ff49dd067
-
SHA256
a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
-
SHA512
48e8d0a33ba514106fa95f1e8e2fdfb74083de0c2434b3d3bbb716cc8a78a66ee657044dd36b70291ce369ba75624f977560c32a5a96cefe7ee54a92f5e5500a
-
SSDEEP
49152:crvnXYyaoU7Efzua3KIVouFK+hByJPD6hXlunD3tzQ:crvnnUIfzD37FlW1QVm9E
Static task
static1
Behavioral task
behavioral1
Sample
a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445.exe
Resource
win10-20220901-en
Malware Config
Extracted
redline
0512
81.161.229.143:26910
-
auth_value
c020923553bd23ba826df75b6d76d4de
Targets
-
-
Target
a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
-
Size
2.8MB
-
MD5
31a9a8c6d1d79fc6afdd9a5c991188f1
-
SHA1
d294e06685c76d32338585564ebe9c4ff49dd067
-
SHA256
a80c89e6bc5d2aa9ff033799651cbb9bd11cf3b75eaf49552bd59cc88fcb5445
-
SHA512
48e8d0a33ba514106fa95f1e8e2fdfb74083de0c2434b3d3bbb716cc8a78a66ee657044dd36b70291ce369ba75624f977560c32a5a96cefe7ee54a92f5e5500a
-
SSDEEP
49152:crvnXYyaoU7Efzua3KIVouFK+hByJPD6hXlunD3tzQ:crvnnUIfzD37FlW1QVm9E
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-