General
Target: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
Size: 399KB
Sample: 221225-nqy58sbd89
MD5: d93d1f0fdc7de7942f38b354bb098088
SHA1: 51ee7137f7b9b7b76e2d70670cf1b334578d622f
SHA256: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
SHA512: 012e84599ea87a3eb0356f0748d2599f5046023e16c061d9b3c248b8c03dfbd60b9ad6b4014da10123f38ce2c2c60e470a42847c59f1fb7d10b212322896f8cb
SSDEEP: 6144:8nTC5+E5GP8MSR4X3+trN99jUAOaz8n8o/tXDN:8nTC5+E5GP8Mj3Bwon8OTN
Static task: static1
Behavioral task: behavioral1
Sample: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
Botnet: 11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
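The extracted config is only useful once it is turned into something that can be matched against telemetry. The following is an added example, not code from the sandbox or from the RedLine family itself: it packages the C2 and auth_value above into an IOC record and runs it over a few constructed firewall log lines (the key=value log format, the internal hosts and the non-C2 destination are all made up for the example). A flow to the C2 address on a different port is reported separately, because the port is specific to this build and a host-level match is still worth review.

```python
"""Turn the extracted RedLine config into IOCs and match them against firewall logs."""
import ipaddress
from dataclasses import dataclass
from typing import Iterator


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str      # campaign tag from the config ("11" on this report)
    c2_host: str
    c2_port: int
    auth_value: str  # per-build authorization value; useful for clustering samples


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string; rejects anything that is not a literal IP and a valid port."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 string: {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError if the host is not an IP literal
    return host, int(port)


# Values taken from the report's "Malware Config" section.
_C2_HOST, _C2_PORT = parse_c2("79.137.202.18:45218")
EXTRACTED = RedLineConfig(
    family="redline",
    botnet="11",
    c2_host=_C2_HOST,
    c2_port=_C2_PORT,
    auth_value="107e09eee63158d2488feb03dac75204",
)

# Constructed firewall log lines (one flow per line); these are NOT from the report.
SAMPLE_LOGS = """\
2022-12-25T10:01:02Z src=10.0.0.15 dst=79.137.202.18 dport=45218 proto=tcp action=allow
2022-12-25T10:01:05Z src=10.0.0.15 dst=79.137.202.18 dport=443 proto=tcp action=allow
2022-12-25T10:02:00Z src=10.0.0.22 dst=198.51.100.7 dport=443 proto=tcp action=allow
2022-12-25T10:03:11Z src=10.0.0.31 dst=79.137.202.18 dport=45218 proto=tcp action=deny
"""


def parse_kv_line(line: str) -> dict[str, str]:
    """Parse 'timestamp k=v k=v ...' into a dict; the timestamp lands under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    fields["ts"] = ts
    return fields


def match_c2(log_text: str, cfg: RedLineConfig) -> Iterator[dict[str, str]]:
    """Yield one hit per flow that touches the C2 host.

    'exact' = host and port match; 'host_only' = same host on another port.
    """
    for line in log_text.splitlines():
        ev = parse_kv_line(line)
        if ev.get("dst") != cfg.c2_host:
            continue
        level = "exact" if ev.get("dport") == str(cfg.c2_port) else "host_only"
        yield {"ts": ev["ts"], "src": ev["src"], "dport": ev.get("dport", "?"),
               "action": ev.get("action", "?"), "match": level, "botnet": cfg.botnet}


def summarize(log_text: str, cfg: RedLineConfig = EXTRACTED) -> dict[str, list[str]]:
    """Group internal source hosts by match level. A denied flow still means an infected host."""
    out: dict[str, list[str]] = {"exact": [], "host_only": []}
    for hit in match_c2(log_text, cfg):
        if hit["src"] not in out[hit["match"]]:
            out[hit["match"]].append(hit["src"])
    return out


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_LOGS, EXTRACTED):
        print(hit)
    print(summarize(SAMPLE_LOGS))
```

Note that the blocked flow from 10.0.0.31 is reported alongside the allowed ones: a firewall deny stops the beacon, not the stealer, so that host needs the same response.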
Targets
Target: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- Uses the VBS compiler for execution (vbc.exe, the .NET Visual Basic compiler, spawned as a host for the payload)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (an API used for process hollowing and thread hijacking, consistent with injection into the spawned compiler process)
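SetThreadContext itself is seen by the sandbox's API monitoring and does not appear in ordinary Windows process-creation telemetry, so on an endpoint the observable side effect of the first and third signatures is a .NET compiler binary being launched by something that is not a build tool. The following is an added example, not code from the sandbox or from the malware: a scoring heuristic over Sysmon-style process-creation records (image, command line, parent image). The three events, the file names and the paths are constructed for the example; the lists of build-tool parents and commonly hollowed .NET binaries are assumptions a practitioner would tune to their environment.

```python
"""Heuristic for 'vbc.exe used for execution' over process-creation events."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Parents that legitimately launch the .NET compilers (assumed allow-list; tune per environment).
BUILD_TOOL_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "aspnet_compiler.exe", "w3wp.exe"}
# Signed, always-present .NET binaries that are frequently used as hollowing hosts.
INJECTION_TARGETS = {"vbc.exe", "csc.exe", "regasm.exe", "regsvcs.exe", "installutil.exe"}
# Path fragments that indicate a user-writable location for the parent executable.
USER_WRITABLE_HINTS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\downloads\\", "\\programdata\\")


@dataclass(frozen=True)
class ProcessCreate:
    utc_time: str
    image: str
    command_line: str
    parent_image: str


def is_user_writable(path: str) -> bool:
    return any(hint in path.lower() for hint in USER_WRITABLE_HINTS)


def score_event(ev: ProcessCreate) -> tuple[int, list[str]]:
    """Return (score, reasons); 0 means the event is not a compiler-host launch worth flagging."""
    child = PureWindowsPath(ev.image).name.lower()
    parent = PureWindowsPath(ev.parent_image).name.lower()
    reasons: list[str] = []
    if child not in INJECTION_TARGETS:
        return 0, reasons
    if parent not in BUILD_TOOL_PARENTS:
        reasons.append(f"{child} spawned by non-build-tool parent {parent}")
    if is_user_writable(ev.parent_image):
        reasons.append("parent executable lives in a user-writable directory")
    # A real compile passes a response file or source paths; a hollowed host is started bare.
    if len(ev.command_line.strip().split(maxsplit=1)) < 2:
        reasons.append(f"{child} started with no arguments")
    return len(reasons), reasons


def triage(events: list[ProcessCreate], threshold: int = 2) -> list[dict]:
    """Return an alert per event whose score reaches the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"time": ev.utc_time, "parent": ev.parent_image,
                           "image": ev.image, "score": score, "reasons": reasons})
    return alerts


# Constructed Sysmon-style events (NOT from the report): one hollowing-style launch,
# one legitimate MSBuild compile, one unrelated process.
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    ProcessCreate("2022-12-25 10:00:58", VBC, f'"{VBC}"',
                  r"C:\Users\alice\AppData\Local\Temp\invoice.exe"),
    ProcessCreate("2022-12-25 10:05:00", VBC, r'vbc.exe /noconfig @"C:\build\tmp\abc.cmdline"',
                  r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"),
    ProcessCreate("2022-12-25 10:06:30", r"C:\Windows\System32\notepad.exe", "notepad.exe",
                  r"C:\Windows\explorer.exe"),
]


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The threshold of two keeps a lone "no arguments" launch from a developer's shell quiet while still firing on the combination the report describes: a compiler host started bare by a non-build-tool binary running from a user-writable path.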