General
- Target: file.exe
- Size: 262KB
- Sample: 221213-jvej6sec53
- MD5: a9dd9348a0830403e7d04b3a7f63e26f
- SHA1: c3acbfb7d9dbaa89315aa1460600852391a7d464
- SHA256: ea99537fe2281713f9b20202805333fc42e6add48d82626b60fa09f2c47e7117
- SHA512: 65a2e3ff57d4e2000e9e619b9809de5ac28eac2ccc0d46da14ea1f01983f27946ef54aac15d468820a09e2f97aeb2b53f260a2f63b7549d1cc65e2b5df5eddd0
- SSDEEP: 3072:DrcM/3COf9blMD0ygppHRKFGlpWORX+yooRybZY7fDGNmls42ajw8xCx0PZjc:DQaNf9dpID9xCjEFWPZjc
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20220812-en)
- Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220901-en)
Malware Config
Extracted family: redline
- Install: 142.93.198.232:81
- auth_value: f9affed97251c08e7a096257ba9edfb2
Targets
- Target: file.exe (Size: 262KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext