General
Target: 8845215ed3299ff3381580ab3c1e1feb69d8c44361bc15d64b57a597147a74c7
Size: 510KB
Sample: 221206-pbnlmaah5v
MD5: 2c7867a1749edef10274f3e34b047865
SHA1: c2009f052e54f3c788e1872e7ac6f4d5fea218f9
SHA256: 8845215ed3299ff3381580ab3c1e1feb69d8c44361bc15d64b57a597147a74c7
SHA512: 60b503650f7f4ca7d14cfa7dabc1cda68eee8f0e34800fb160f44b3af9135bf27b15c57e26f19301baa1eb4eb6a6191cfa70d8ca28361db71969f7c0c3435e68
SSDEEP: 12288:p7HdieNsYHk31Qb9b01KCgZg7bn8eI3ilumDo+Wxga7oRFL:q31Qxg1K/g7z8r3iC+Qf0L
Static task: static1
Behavioral task: behavioral1
Sample: 8845215ed3299ff3381580ab3c1e1feb69d8c44361bc15d64b57a597147a74c7.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
YT
65.21.5.58:48811
auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext