General
- Target: file.exe
- Size: 264KB
- Sample: 221212-w92z8seh8v
- MD5: f30fdf64dbff6ade560a29894dfdb758
- SHA1: ecc9ec6b0d2e7b4385914b4ad22c2db4447c8789
- SHA256: def089cb330e10804e45b5eceb4702974cb9b2011b7160e0ce4c09efba53d6fb
- SHA512: 8c31d393237779014f67c1c89d597f65c5470a8a98bd4ebeede296d13c722ebfaaefc79e5478475c06e7b50452291d2bab353a9bd97da73361a65adeeab64155
- SSDEEP: 3072:jSovv6cGn/mfNzy473vg6pO3USAY00D2nxruIFjsXbafErXJKc:jSovyLOfNQCsUSAP/xrFeLafqXJKc
Static task
- static1
Behavioral task
- behavioral1: sample file.exe, resource win7-20221111-en
Behavioral task
- behavioral2: sample file.exe, resource win10v2004-20220812-en
Malware Config
Extracted: redline
- Install
- 142.93.198.232:81
- auth_value: f9affed97251c08e7a096257ba9edfb2
Targets
- Target: file.exe
- Size: 264KB
- MD5: f30fdf64dbff6ade560a29894dfdb758
- SHA1: ecc9ec6b0d2e7b4385914b4ad22c2db4447c8789
- SHA256: def089cb330e10804e45b5eceb4702974cb9b2011b7160e0ce4c09efba53d6fb
- SHA512: 8c31d393237779014f67c1c89d597f65c5470a8a98bd4ebeede296d13c722ebfaaefc79e5478475c06e7b50452291d2bab353a9bd97da73361a65adeeab64155
- SSDEEP: 3072:jSovv6cGn/mfNzy473vg6pO3USAY00D2nxruIFjsXbafErXJKc:jSovyLOfNQCsUSAP/xrFeLafqXJKc
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext