General
Target: ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c
Size: 264KB
Sample: 221208-d6plmagh68
MD5: c7f522a269895ba7cff4e694ad4f4cca
SHA1: 5e8621fe1d219aa7fb6d120c29933b4d8f84d75d
SHA256: ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c
SHA512: 0d1ecf195cad0a700a23721c0dd7ed2acfc6b11ad8aa6b24988720cd6d4de658a7ae195d03c9f8a94aadf6344ecdd968421d2288cac04fa57ade4f47fbd3a1f5
SSDEEP: 3072:8MT8QUjxBcZhuDi585ouA5A6XOmoJZoM17TBQgnTLh1sNxehv:8xGh0quA5AZmoMM1SGmxm
Static task: static1
Behavioral task: behavioral1
Sample: ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c.exe
Resource: win10-20220901-en
Malware Config
Extracted family: redline
Botnet: YT
C2: 65.21.5.58:48811
auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
Targets
Target: ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c
Size: 264KB
MD5: c7f522a269895ba7cff4e694ad4f4cca
SHA1: 5e8621fe1d219aa7fb6d120c29933b4d8f84d75d
SHA256: ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c
SHA512: 0d1ecf195cad0a700a23721c0dd7ed2acfc6b11ad8aa6b24988720cd6d4de658a7ae195d03c9f8a94aadf6344ecdd968421d2288cac04fa57ade4f47fbd3a1f5
SSDEEP: 3072:8MT8QUjxBcZhuDi585ouA5A6XOmoJZoM17TBQgnTLh1sNxehv:8xGh0quA5AZmoMM1SGmxm
Score: 10/10
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
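The hashes, the extracted RedLine config (C2 65.21.5.58:48811, botnet YT) and the signature list above are what a hunter actually carries out of a report like this. The following is an added example, not part of the sandbox output, that turns them into checks and runs them over a handful of constructed Sysmon-style events. Assumptions of mine rather than the report's: the event dictionaries and their field names are invented for the demo; the report's "Uses the VBS compiler for execution" is read as vbc.exe (the VB.NET command-line compiler) being started, and, together with "Suspicious use of SetThreadContext", as the payload being run inside that spawned process, which is why the behavioural rule keys on who launched vbc.exe; the list of build-tool parents that may legitimately spawn vbc.exe is an illustrative allow-list.

```python
"""Added example: hunting logic built from the report's indicators.

Not part of the sandbox report. Event layout, the DEV_PARENTS allow-list
and the interpretation of the "VBS compiler" signature as vbc.exe are
assumptions made for this demonstration.
"""
import re

# Indicators copied from the report above
HASHES = {
    "md5": "c7f522a269895ba7cff4e694ad4f4cca",
    "sha1": "5e8621fe1d219aa7fb6d120c29933b4d8f84d75d",
    "sha256": "ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c",
    "sha512": (
        "0d1ecf195cad0a700a23721c0dd7ed2acfc6b11ad8aa6b24988720cd6d4de658"
        "a7ae195d03c9f8a94aadf6344ecdd968421d2288cac04fa57ade4f47fbd3a1f5"
    ),
}
SSDEEP = "3072:8MT8QUjxBcZhuDi585ouA5A6XOmoJZoM17TBQgnTLh1sNxehv:8xGh0quA5AZmoMM1SGmxm"
REDLINE_C2 = ("65.21.5.58", 48811)  # from the extracted config
REDLINE_BOTNET = "YT"

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Parents from which a vbc.exe launch is plausible (assumed allow-list, not from the report)
DEV_PARENTS = ("msbuild.exe", "devenv.exe", "csc.exe", "vbc.exe")


def validate_hashes(hashes):
    """Return the names of hashes that are not lowercase hex of the expected length.

    A mistyped digest in an IOC feed silently matches nothing, so check
    the values before loading them into a blocklist.
    """
    return [
        algo for algo, digest in hashes.items()
        if len(digest) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", digest)
    ]


def parse_ssdeep(signature):
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts."""
    blocksize, chunk, double_chunk = signature.split(":")
    return int(blocksize), chunk, double_chunk


def hunt(events):
    """Return (rule, detail) tuples for every event that matches a report indicator."""
    hits = []
    for ev in events:
        image = ev["image"].lower()
        # Exact-hash match on the process image
        if ev.get("sha256") == HASHES["sha256"]:
            hits.append(("known_sample_hash", ev["image"]))
        # Outbound connection to the extracted C2 endpoint
        if ev["type"] == "network" and (ev["dst_ip"], ev["dst_port"]) == REDLINE_C2:
            hits.append(("redline_c2_connection", ev["image"]))
        # vbc.exe started by something other than build tooling
        if ev["type"] == "process" and image.endswith("\\vbc.exe"):
            parent = ev.get("parent", "").lower()
            if not parent.endswith(DEV_PARENTS):
                hits.append(("vbc_spawned_outside_build_tooling", ev["parent"]))
    return hits


SAMPLE = r"C:\Users\analyst\Desktop\ef79abeb4b5f5de7be5944c547f8c696dab084369a40fbf3f2bc6491833e574c.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Constructed events for the demo (not sandbox output); 203.0.113.10 is a documentation address
EVENTS = [
    {"type": "process", "image": SAMPLE, "parent": r"C:\Windows\explorer.exe",
     "sha256": HASHES["sha256"]},
    {"type": "process", "image": VBC, "parent": SAMPLE, "sha256": "00" * 32},
    {"type": "network", "image": VBC, "dst_ip": "65.21.5.58", "dst_port": 48811},
    {"type": "process", "image": VBC, "parent": r"C:\Program Files\dotnet\MSBuild.exe",
     "sha256": "00" * 32},
    {"type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
]

if __name__ == "__main__":
    print("malformed hashes:", validate_hashes(HASHES))
    print("ssdeep blocksize:", parse_ssdeep(SSDEEP)[0])
    for rule, detail in hunt(EVENTS):
        print(f"{rule}: {detail}")
```

The ssdeep parse is only a pre-filter: ssdeep will only score two signatures whose blocksizes are equal or differ by a factor of two, so splitting out the 3072 lets you skip candidates that could never match before calling the real comparison (the `ssdeep` Python package, not used here). The C2 match is the cheapest rule but also the most brittle, since RedLine operators rotate endpoints; the vbc.exe parent rule survives that rotation, at the cost of needing an allow-list tuned to the environment.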