General
-
Target
8bcc8f91eac6071e201893b8e24ba3e9.exe
-
Size
398KB
-
Sample
221225-kbvbysed8w
-
MD5
8bcc8f91eac6071e201893b8e24ba3e9
-
SHA1
9c5fae6c14e3bf42db272ec2847b338eb7b91dfc
-
SHA256
8e2e0590b0418adf88d487f37a49107538e7e2d243f165845852c3f7ece6a337
-
SHA512
0afa75b87d0ee9d08a3d91d0c0ec905056f155a5d6fe385d7f4b0d9b9caa656f37373ea924205d0e74fb5a8b2ef7ef6d9f55e66842309bcc04c1254d5628ea04
-
SSDEEP
12288:Mygxer6dluLigEZoNZ6RF2Rybootouo7CypP7:GuOdZ6ZyF2Ybootouo7VZ7
Static task
static1
Behavioral task
behavioral1
Sample
8bcc8f91eac6071e201893b8e24ba3e9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8bcc8f91eac6071e201893b8e24ba3e9.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
8bcc8f91eac6071e201893b8e24ba3e9.exe
-
Size
398KB
-
MD5
8bcc8f91eac6071e201893b8e24ba3e9
-
SHA1
9c5fae6c14e3bf42db272ec2847b338eb7b91dfc
-
SHA256
8e2e0590b0418adf88d487f37a49107538e7e2d243f165845852c3f7ece6a337
-
SHA512
0afa75b87d0ee9d08a3d91d0c0ec905056f155a5d6fe385d7f4b0d9b9caa656f37373ea924205d0e74fb5a8b2ef7ef6d9f55e66842309bcc04c1254d5628ea04
-
SSDEEP
12288:Mygxer6dluLigEZoNZ6RF2Rybootouo7CypP7:GuOdZ6ZyF2Ybootouo7VZ7
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-