General
Target: 775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32
Size: 399KB
Sample: 221225-vjvykabg56
MD5: ac508206006eb41c605373e9793e7622
SHA1: 3223ac24de6fd4650bbcf1495e73944085bc0e07
SHA256: 775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32
SHA512: 9aa4d2d50a915919f1f238f0838636cfa6f7fc3e634508f5a110ac4097c919d9076753612af7c2e1c9013281ca4e1a209743560d2f0f01c8c9329c47b113ba2c
SSDEEP: 6144:RXryh+05ufk0kBRgujnFTuSh9NjYAO8tkoFXs0dCIwWFVDN:RXryh+05ufk0kRjESimqoFXshIwWjN
Static task: static1
Behavioral task: behavioral1
Sample: 775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
11
79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation