General
-
Target
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f
-
Size
180KB
-
Sample
221224-wj2lsade6v
-
MD5
e54e266c8adf5c882c63f105737fd326
-
SHA1
3e39aaa41e07d329d8575946bc52d33be003d599
-
SHA256
3f3acdf84236a48b6506698cbc9e61d9ab574653242843e700ea0f36a1edb4a3
-
SHA512
b7480a0ccddff2c3893b036a92ed28498be896feea8c001cd450d46fac82ef3bd00d9f92ef4771fb7b82c114c6776709dfdaff9db0ff57500770b3e0b726db6f
-
SSDEEP
3072:c1vMVVfeB/cjt+AIdvahbexmZWcJffYmNCVRAQyLCXafBelbA+q:c1CVfeB/cwA9hei9wmNCr7yLCIBelbnq
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f
-
Size
386KB
-
MD5
cf15fbdc9ee423a036182972c85601ad
-
SHA1
8fda4b5d42ed10c6d1c7021e70498233b33713f0
-
SHA256
3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f
-
SHA512
ee35d6d68eae7ff6952a9a3c251e0011eda51dabf2d298475a3e276e962f8f084868c8d4b9d505f02b6f18f5b3424792d3e104a5d3b1e88d69bdf7804de7f4e1
-
SSDEEP
12288:+RRMyUvkLk2zVcOjZh1rskSnQ4DJW0Wrf0S+n9dDuu788Xzwlrz2lB4ung2oonKo:+RWvr8B1skSnQ4DJW0Wrf0S+n9dDuu7D
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-