General
- Target: 728d0c12a4883b351dab40bfa2881a0dc967f9ff598384050da6c43d0d9bb476
- Size: 398KB
- Sample: 221225-ekzedaba96
- MD5: 06954f9d525615085402fa958b5b2a15
- SHA1: 13ab62d6412659cef215a5577c804b3efffd738c
- SHA256: 728d0c12a4883b351dab40bfa2881a0dc967f9ff598384050da6c43d0d9bb476
- SHA512: 4da10805020b86ff4eb6478e105c30ac84c80b09ec6925493b0f56aa6cb33a76805952f0e14bd0d9d619fbd0a7986b3eeccfc21dc1f45f0b7bf4a29af90f6944
- SSDEEP: 6144:sPIxOrHmF27am0pv+09bVzjeAOMJJG4RHa8rFnbVerEAHKbcxNGPl:sPIxOrHmF27amp90JG4R7RcrzUPl
Static task: static1
Behavioral task: behavioral1
- Sample: 728d0c12a4883b351dab40bfa2881a0dc967f9ff598384050da6c43d0d9bb476.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- redline
- 11
- 79.137.202.18:45218
- auth_value: 107e09eee63158d2488feb03dac75204
Targets
- Target: 728d0c12a4883b351dab40bfa2881a0dc967f9ff598384050da6c43d0d9bb476
- Size: 398KB
- MD5: 06954f9d525615085402fa958b5b2a15
- SHA1: 13ab62d6412659cef215a5577c804b3efffd738c
- SHA256: 728d0c12a4883b351dab40bfa2881a0dc967f9ff598384050da6c43d0d9bb476
- SHA512: 4da10805020b86ff4eb6478e105c30ac84c80b09ec6925493b0f56aa6cb33a76805952f0e14bd0d9d619fbd0a7986b3eeccfc21dc1f45f0b7bf4a29af90f6944
- SSDEEP: 6144:sPIxOrHmF27am0pv+09bVzjeAOMJJG4RHa8rFnbVerEAHKbcxNGPl:sPIxOrHmF27amp90JG4R7RcrzUPl
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext