General
- Target: c06c0fdae71a40e7b8a804d29cab262bc0802db87a9d2d6db4b193d405a0d020
- Size: 386KB
- Sample: 221224-p399psdc3x
- MD5: 632547cb842c5b2596cec7900b3f34aa
- SHA1: e846b80154144c156adc2d94344fcb7500eafdf3
- SHA256: c06c0fdae71a40e7b8a804d29cab262bc0802db87a9d2d6db4b193d405a0d020
- SHA512: d5700982fa6303a5363ca4ffb960fb4c7017a0a4f2f3fc469d29dbb3c4752e3948d9ad3744e9a894bc68717f58fa220348fed0498d30209148cc1b619e1a55be
- SSDEEP: 12288:0RRMyUvkLk28seqNZS6/OvKq5ewaoPqX+l:0RWvr/seqNZS6/OvKq5ewas1
Static task: static1
Behavioral task: behavioral1
- Sample: c06c0fdae71a40e7b8a804d29cab262bc0802db87a9d2d6db4b193d405a0d020.exe
- Resource: win10-20220812-en
Malware Config
Extracted: redline
- 11
- 79.137.202.18:45218
- auth_value: 107e09eee63158d2488feb03dac75204
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext