General
-
Target
798af35d10ee5eeaa15918f085b54807.exe
-
Size
398KB
-
Sample
221225-j8z32aed8s
-
MD5
798af35d10ee5eeaa15918f085b54807
-
SHA1
7717c6bde031fc9d5862639041e5b895fc5b51d1
-
SHA256
13b8a421f7b03dc4ff1ab5a537dc120b89f1c1daacbbb2678ab323a9f5a56c47
-
SHA512
866da099c0b2d527e1e9dd6bdf5eb0db28bd267c74c23ab95a1f82a8def78d99074ebf4ea47d1005b710e6b459df7001c1b2014713dc704ce374461409928b99
-
SSDEEP
6144:kS4xWrKdFGbK4CRAwTAtBVfjmAONhDi8eDsUkHb/bGPK:kS4xWrKdFGbK4UTnbhD2sULPK
Static task
static1
Behavioral task
behavioral1
Sample
798af35d10ee5eeaa15918f085b54807.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
798af35d10ee5eeaa15918f085b54807.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
798af35d10ee5eeaa15918f085b54807.exe
-
Size
398KB
-
MD5
798af35d10ee5eeaa15918f085b54807
-
SHA1
7717c6bde031fc9d5862639041e5b895fc5b51d1
-
SHA256
13b8a421f7b03dc4ff1ab5a537dc120b89f1c1daacbbb2678ab323a9f5a56c47
-
SHA512
866da099c0b2d527e1e9dd6bdf5eb0db28bd267c74c23ab95a1f82a8def78d99074ebf4ea47d1005b710e6b459df7001c1b2014713dc704ce374461409928b99
-
SSDEEP
6144:kS4xWrKdFGbK4CRAwTAtBVfjmAONhDi8eDsUkHb/bGPK:kS4xWrKdFGbK4UTnbhD2sULPK
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-