General
Target: 803709f0596578ab83a031da335d1511.exe
Size: 386KB
Sample: 221224-vb858add7z
MD5: 803709f0596578ab83a031da335d1511
SHA1: 7a89e0f36268fac38e6cdbba2677c14f334a560b
SHA256: 1268e655f6de27245a9d7d1b5a8ef50484865fd9833078ecec2c46c3247c7c6f
SHA512: ba4da5527469a92bb8c01affa7258f491c5a36beee23ef9c987521caa59f42c920c3fa116d695d3f4d7d646354f66fe8e0010b3f73560be92e3b93a2febc48b3
SSDEEP: 6144:gRQUMd4UvkL5kDhOM232DeAORnIcRz1rv2xjgl:gRRMyUvkLk2zIwVvnl
Static task: static1
Behavioral task: behavioral1
Sample: 803709f0596578ab83a031da335d1511.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 803709f0596578ab83a031da335d1511.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: redline
Botnet: 11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
Targets
Target: 803709f0596578ab83a031da335d1511.exe
Size: 386KB
MD5: 803709f0596578ab83a031da335d1511
SHA1: 7a89e0f36268fac38e6cdbba2677c14f334a560b
SHA256: 1268e655f6de27245a9d7d1b5a8ef50484865fd9833078ecec2c46c3247c7c6f
SHA512: ba4da5527469a92bb8c01affa7258f491c5a36beee23ef9c987521caa59f42c920c3fa116d695d3f4d7d646354f66fe8e0010b3f73560be92e3b93a2febc48b3
SSDEEP: 6144:gRQUMd4UvkL5kDhOM232DeAORnIcRz1rv2xjgl:gRRMyUvkLk2zIwVvnl
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext