General
Target: Office.rar
Size: 4.9MB
Sample: 221221-ysfrsagb7z
MD5: c0c2b8a109240aa23488e5045806b709
SHA1: 99d6b5d4b21f155c8850213cf7b57bde976fe09b
SHA256: 3edfada37ed37b34f4292f2dd1b7868f578c2e9639a62e753630fcfb511af10a
SHA512: 1d1fd1578a284d797dd4e63bae1df05d4f6276e7a1b2b531f964bf48a8feda124b6fa6fd9571afe642218d732f7ca0d8ca9117feec182d5e894923ed07c58536
SSDEEP: 98304:mwOHXIIToGgTh1Ec6jYdl7+y+Ywke8p6tGLrfPhhSQv7OGxcx4wNgxp:fyI2Cl/dUZqCMLrfPhci7OGyxhNg7
Static task: static1

Behavioral task: behavioral1
Sample: ApplicationSetup.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: ApplicationSetup.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
071222_youtube
newmeta.makelog.org:10737
auth_value: 34d206cebf0fe398e291ff8c20b37b37
Targets
Target: ApplicationSetup.exe
Size: 128.0MB
MD5: 60ee531549f1d8f40c947c1c25de708c
SHA1: 893bf49b923eefe5623e8911e574a3f0f9b0f06d
SHA256: 6cbd68a14bf5c477faf6386b8d26c56595fed4e2a8acb66541d389fdd466b7cf
SHA512: af9811505c205f3aafe7fd5261c5753898a2e977750e8b0cdc8543978fedb41a2ab1d553bdc85cffa8b78bc4b699dc971ab01f0eaa847251115433985e02e96a
SSDEEP: 196608:TPQ0KH/r+HRLsZdZw8JuOVGJRudWwTBh7wiMBQFOHS3nvSBrlY8L7e5D2OmtUrhy:6S+S
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext