General
-
Target
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f
-
Size
180KB
-
Sample
221224-w2tnwsde9x
-
MD5
5d8ad95c249706b050d8619574bf2528
-
SHA1
cf6d0518e95d9a8a435006619575c64a816e906b
-
SHA256
1aec51c4aa03a1ae2999ffe80c1d0f123a4ccf84407d2deb0c30256454bae889
-
SHA512
48080a2ea6f6d8fac168b6afd31e9ae92f2e1a7acf303866a9caf5a27c443e342aa9dba65f39a1204d2c7aad64b65a7ba36d01955354f2fcfe38f0c7f7c7eeec
-
SSDEEP
3072:w1vMVVfeB/cjt+AIdvahbexmZWcJffYmNCVRAQyLCXafBelbA+y:w1CVfeB/cwA9hei9wmNCr7yLCIBelbny
Static task
static1
Behavioral task
behavioral1
Sample
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f
-
Size
386KB
-
MD5
cf15fbdc9ee423a036182972c85601ad
-
SHA1
8fda4b5d42ed10c6d1c7021e70498233b33713f0
-
SHA256
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f
-
SHA512
ee35d6d68eae7ff6952a9a3c251e0011eda51dabf2d298475a3e276e962f8f084868c8d4b9d505f02b6f18f5b3424792d3e104a5d3b1e88d69bdf7804de7f4e1
-
SSDEEP
12288:+RRMyUvkLk2zVcOjZh1rskSnQ4DJW0Wrf0S+n9dDuu788Xzwlrz2lB4ung2oonKo:+RWvr8B1skSnQ4DJW0Wrf0S+n9dDuu7D
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-