General
Target: Mod.exe
Size: 350.7MB
Sample: 221220-cbzmnsbf4s
MD5: 6fde8a9b580c87e85d0148903f1cef7f
SHA1: 98645ea87c782c91e115e514a6beb848a48336de
SHA256: 2809692a2e632c34fd531dbdb4711e8d9935285fb29519eeb947756045f548b8
SHA512: 4d6357bec55b8ea93b4130d08f4d673400a6d34107b1e186b596841a610ae5836b3370a56a9345d14d5732e4698592811d0d58bbded8f8556d27036fed75c160
SSDEEP: 6144:uhw5kqoCc8u05Fks9udiaxuvE/IdPBRWcYnEXybEBN2z2DOMpkMQ2SAYUa/qqdh8:AOkq6scdpxMEwzY8ybEBNa2tB8A/abM
Static task: static1
Behavioral task: behavioral1 (sample: Mod.exe; resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: Mod.exe; resource: win10v2004-20221111-en)
Malware Config
Extracted family: redline
Botnet ID: 777
C2: 65.21.98.68:24348
auth_value: 2b0deda6565bbd2312234728956887ab
Targets
Target: Mod.exe (350.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext