General
Target: b6d62b550c8893ced00cac51a8e75d29.exe
Size: 198KB
Sample: 221206-lg2tnahb6z
MD5: b6d62b550c8893ced00cac51a8e75d29
SHA1: f141dd9b1bf08ac25ffea4e0a22c1e217d756480
SHA256: ab67fad4ab48fe13e3371ef444d511e910fd7e4ace8a34c6969e11a55e850703
SHA512: f4d4b73cdbd9012dcd8cb072e100ab14d5f9776d3995e6d1b93a181377683eeeb40ab17a335e20caa8f0c01420fe4acf7655e2d28369179fce33c8ca386a640b
SSDEEP: 3072:IBVdnVvfxWV0FjC4xusu8EwuUkQnbhhUrY/hYRu+uNkYuAmKaOrDwxO:INC6C7lwuNQn2YwuoYuARDT
Static task: static1
Behavioral task: behavioral1 (sample b6d62b550c8893ced00cac51a8e75d29.exe, resource win7-20220901-en)
Behavioral task: behavioral2 (sample b6d62b550c8893ced00cac51a8e75d29.exe, resource win10v2004-20220812-en)
Malware Config
Extracted
Family: redline
C2: 37.220.87.13:40676
auth_value: 08797c5d7c548e932ae5f793280c9728
Targets
Target: b6d62b550c8893ced00cac51a8e75d29.exe
Size: 198KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests browser credentials, cryptocurrency wallet files and other data from the host and sends them to the C2 endpoint extracted in the Malware Config above.
- RedLine payload
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is launched as a host process for the injected payload)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (on a freshly spawned child this is the thread-hijacking step of process hollowing: the child's entry point is redirected to injected code before the main thread resumes)
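The extracted configuration and the behavioural signatures above translate directly into detection logic. What follows is an added example and not part of the sandbox report or of any sandbox vendor's code: a small Python triage script that applies the report's hash and C2 indicators, and its three behavioural signatures (vbc.exe launch, SetThreadContext on the spawned child, wallet-file access), to constructed Sysmon-like event records. The event schema and field names, the process IDs, the file paths and the wallet path markers are assumptions made for illustration; only the hashes and the C2 endpoint come from the report.

```python
"""
Added example (not part of the sandbox report): apply this report's
indicators and behavioural signatures to host telemetry.

The event records at the bottom are CONSTRUCTED for illustration. Their
field names (evt, pid, ppid, image, parent_image, target, dst_ip, dst_port,
api, path) are an assumed, simplified Sysmon-like schema, not any real
tool's export format.
"""
import hashlib

# File-hash indicators taken verbatim from the report.
HASH_IOCS = {
    "md5": "b6d62b550c8893ced00cac51a8e75d29",
    "sha1": "f141dd9b1bf08ac25ffea4e0a22c1e217d756480",
    "sha256": "ab67fad4ab48fe13e3371ef444d511e910fd7e4ace8a34c6969e11a55e850703",
}

# C2 endpoint from the extracted RedLine config.
C2_ENDPOINTS = {("37.220.87.13", 40676)}

# Assumed wallet locations (illustrative; the report does not list which
# paths its "accesses cryptocurrency files/wallets" signature matched).
WALLET_PATH_MARKERS = ("\\electrum\\wallets", "\\exodus\\", "\\ethereum\\keystore", "wallet.dat")


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether the given bytes match the report's hash IOCs."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == ioc for alg, ioc in HASH_IOCS.items()}


def triage_events(events: list) -> list:
    """Walk process/API/network/file events in order and return alert strings."""
    alerts = []
    spawned_vbc = {}  # pid of a spawned vbc.exe -> image of the parent that launched it
    for e in events:
        kind = e["evt"]
        if kind == "process_create" and e["image"].lower().endswith("\\vbc.exe"):
            # vbc.exe is a legitimate .NET Framework compiler; a user-land
            # binary launching it is the execution pattern this report flags.
            spawned_vbc[e["pid"]] = e["parent_image"]
            alerts.append(f"vbc.exe spawned by {e['parent_image']} (pid {e['ppid']})")
        elif kind == "api_call" and e["api"] == "SetThreadContext" and e["target"] in spawned_vbc:
            # SetThreadContext on a child we just saw created: the thread-hijack
            # step of process hollowing, so tie it back to the spawning parent.
            alerts.append(
                f"SetThreadContext from pid {e['pid']} into vbc.exe pid {e['target']} (hollowing)"
            )
        elif kind == "network_connect" and (e["dst_ip"], e["dst_port"]) in C2_ENDPOINTS:
            alerts.append(f"C2 connection to {e['dst_ip']}:{e['dst_port']} from pid {e['pid']}")
        elif kind == "file_access" and any(m in e["path"].lower() for m in WALLET_PATH_MARKERS):
            alerts.append(f"wallet file access: {e['path']} by pid {e['pid']}")
    return alerts


# Constructed telemetry mimicking the reported chain; not from the sandbox run.
SAMPLE_EXE = "C:\\Users\\u\\Downloads\\b6d62b550c8893ced00cac51a8e75d29.exe"
SAMPLE_EVENTS = [
    {"evt": "process_create", "pid": 1200, "ppid": 900, "image": SAMPLE_EXE,
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"evt": "process_create", "pid": 1300, "ppid": 1200,
     "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "parent_image": SAMPLE_EXE},
    {"evt": "api_call", "pid": 1200, "api": "SetThreadContext", "target": 1300},
    {"evt": "file_access", "pid": 1300,
     "path": "C:\\Users\\u\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"},
    {"evt": "network_connect", "pid": 1300, "dst_ip": "37.220.87.13", "dst_port": 40676},
    {"evt": "network_connect", "pid": 1300, "dst_ip": "13.107.4.50", "dst_port": 443},  # benign noise
]

if __name__ == "__main__":
    for alert in triage_events(SAMPLE_EVENTS):
        print("ALERT:", alert)
```

Run directly, the script prints four alerts for the constructed chain (vbc.exe launch, SetThreadContext into it, wallet access, C2 connection) and ignores the benign HTTPS connection. In practice the event list is replaced by parsed EDR or Sysmon telemetry, and `hash_matches` is run over the on-disk sample; note that a hash IOC only catches this exact build, while the vbc.exe plus SetThreadContext pairing is the more durable signal across RedLine variants.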