General
Target: afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a
Size: 403KB
Sample: 221226-abss1scc73
MD5: 949d963edbc7650225a54920c7f38bb2
SHA1: 1a5436b35fab4c1cc7d02a2c67ae5cd49557b5f8
SHA256: afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a
SHA512: fee8ab14d6d985809998fe27ab67d325daca83285c618378ffa0b1d19b4fd417819a03e2409cbc016b5d3d58e259b97b30f040696972820f1871b86cc9cf3cee
SSDEEP: 6144:5HNZ37xo0++Wa/Jcupbq4C4a/Nn0AO5Q96/QjE0DqDB0tNB+ZiA/Sta:5Hf7xo0++Wa/J5EXGDoBJE
Static task: static1
Behavioral task: behavioral1
Sample: afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
11
79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation