General

- Target: 18b946d10fd3e8d8508fd47749aef1df080e2804b3457f2f4589da13065eaccf
- Size: 386KB
- Sample: 221224-sme1eaab45
- MD5: 3d52b82857feac862d6ec601f9e5471e
- SHA1: 09e77c2c329e24560f110d4ca3cd25fd8caeb5e9
- SHA256: 18b946d10fd3e8d8508fd47749aef1df080e2804b3457f2f4589da13065eaccf
- SHA512: b9c988a616eaf971e3dd3a629f9078baeb03ba5187806f21353e38cb12027c3b05deff575a5f2bbdcfd6ba3cdd8b90949aed33e2c1b471a6ee0bdd790b7f59fb
- SSDEEP: 6144:FRQUMd4UvkL5kDhOM232DeAObEda2qVack6nqCd9jgl:FRRMyUvkLk25EdVcBal
Static task: static1
Behavioral task: behavioral1

- Sample: 18b946d10fd3e8d8508fd47749aef1df080e2804b3457f2f4589da13065eaccf.exe
- Resource: win10v2004-20220901-en
Malware Config

- Extracted: redline
- 11
- 79.137.202.18:45218
- auth_value: 107e09eee63158d2488feb03dac75204
Targets
Score: 10/10

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext