General
Target: 93a3fff460b764f8f0576c762aec221e456335ef7ee87f90116da28377092ae1
Size: 403KB
Sample: 221226-pefeesga9v
MD5: fb56b2c84ca9f2f5ddcac30e731a87ea
SHA1: 387b1dcee2e2bd71c3f998dfe36d51c3c4b1554f
SHA256: 93a3fff460b764f8f0576c762aec221e456335ef7ee87f90116da28377092ae1
SHA512: 940563616d7219acea46b0bf3e055634ec3b7c9ce4888dcae893c8774bf76d9cd42711bc2f46a30c21cf15074793a1f9b585326bd1c901d823e152469d96801b
SSDEEP: 6144:8mHrko0wXOC99+mKpymC0a/QuUAOOSTkN6vrDYJ2++zPd/Sta:8mHrko0wXOC99QdYNeDYkzsE
Static task: static1
Behavioral task: behavioral1
Sample: 93a3fff460b764f8f0576c762aec221e456335ef7ee87f90116da28377092ae1.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: redline
Botnet: 11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
Targets
Target: 93a3fff460b764f8f0576c762aec221e456335ef7ee87f90116da28377092ae1
Size: 403KB
MD5: fb56b2c84ca9f2f5ddcac30e731a87ea
SHA1: 387b1dcee2e2bd71c3f998dfe36d51c3c4b1554f
SHA256: 93a3fff460b764f8f0576c762aec221e456335ef7ee87f90116da28377092ae1
SHA512: 940563616d7219acea46b0bf3e055634ec3b7c9ce4888dcae893c8774bf76d9cd42711bc2f46a30c21cf15074793a1f9b585326bd1c901d823e152469d96801b
SSDEEP: 6144:8mHrko0wXOC99+mKpymC0a/QuUAOOSTkN6vrDYJ2++zPd/Sta:8mHrko0wXOC99QdYNeDYkzsE
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns, no techniques listed in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation