General

Target: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
Size: 184KB
Sample: 221225-w3461sfa7z
MD5: b03498cf5596ec6a2eab26b527ece469
SHA1: 414c29e46197c4463c2223fb8442b8cde22b27a8
SHA256: d171d66c1e705d79d3e647292dfabdb9a9d74eb5d0f05f8c8712e3e404357798
SHA512: 6ac8185375f5d30ac16c29f080a5dd405ef673df84e528cac817216162c4141a34f6072b594c13be3aed94be73a86e866ec1aeabf3ccdf0fe83a6d7f58244a4d
SSDEEP: 3072:NOQUith0Y6AU4htVYoWl4P9ScqO8EQ+8zeNmDN6NJEgkQ2dCgpbrXKt1KLVAveBQ:MQUu0l74Z+4Plr9L8sMkudrbr6t1su2a
Static task: static1

Behavioral task: behavioral1
Sample: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Family: redline
Botnet: 11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
Targets

Target: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
Size: 399KB
MD5: d93d1f0fdc7de7942f38b354bb098088
SHA1: 51ee7137f7b9b7b76e2d70670cf1b334578d622f
SHA256: 0c5c3d6dc72a81c0a4e7e26b126761fbaecbcf609f92f9c98936e04a29b5a5a2
SHA512: 012e84599ea87a3eb0356f0748d2599f5046023e16c061d9b3c248b8c03dfbd60b9ad6b4014da10123f38ce2c2c60e470a42847c59f1fb7d10b212322896f8cb
SSDEEP: 6144:8nTC5+E5GP8MSR4X3+trN99jUAOaz8n8o/tXDN:8nTC5+E5GP8Mj3Bwon8OTN
Score: 10/10

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation