General
Target: file.exe
Size: 417KB
Sample: 221226-v91azage2v
MD5: 6c893ada0259325c8b9dbc0a824e1a79
SHA1: 14a41f88512dae81933403d34c5790ab1c6bed4c
SHA256: 95c7e4e4a23ddb523c0a132e835cc835a07ff27254bb191f2b681b883c85c6e2
SHA512: f8ddf39af422da8418d90f11a3ff2569e7992ef70532b165d41f6d7ee4980316bf42efc29caaab1997b6d07cc5d335922d82b97dcf887b994a43cc9022a47625
SSDEEP: 12288:luKsohhtrUeKlL/OddaUI5SqUPTKjrdJ:zBUZqd9YB
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: file.exe; Resource: win10v2004-20220901-en)
Malware Config
Extracted
Family: redline
Botnet: 3
C2: 65.21.5.58:24911
Attributes
auth_value: 348157ad6abeedf1edf0b65752dea46b
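The extracted configuration is the most directly actionable part of the report: one C2 endpoint and the auth_value the client presents to it. The block below, an added example that is not part of the report or of any RedLine tooling, turns those values into hunting artifacts: it validates and parses the C2 entry, sweeps a constructed firewall-style log for exact ip:port matches (and, at lower confidence, IP-only matches), and emits a Suricata rule and a YARA rule built from the config strings. The log line format, the Suricata sid, the YARA rule name and the assumption that the decoded config strings are present in memory during a scan are all assumptions, marked in comments.

```python
"""Hunting indicators derived from the RedLine config extracted above.

Added example; not part of the sandbox report or of any RedLine tooling.
The log format, sid and YARA rule name are assumptions, marked below.
"""
import ipaddress
import re
from dataclasses import dataclass

# Values exactly as they appear in the report's Malware Config section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "3",
    "c2": ["65.21.5.58:24911"],
    "auth_value": "348157ad6abeedf1edf0b65752dea46b",
}


@dataclass(frozen=True)
class C2:
    ip: str
    port: int


def parse_c2(entries):
    """Parse 'ip:port' strings into C2 records, validating both halves so a
    malformed config raises instead of silently matching nothing."""
    out = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError if host is not an IP
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"bad port in {entry!r}")
        out.append(C2(host, port_num))
    return out


# Constructed firewall-style lines (assumed format:
# timestamp src_ip src_port dst_ip dst_port action). Not from the report.
SAMPLE_LOG = """\
2022-12-26T15:01:02Z 10.0.0.15 49712 142.250.74.46 443 ALLOW
2022-12-26T15:01:09Z 10.0.0.15 49731 65.21.5.58 24911 ALLOW
2022-12-26T15:01:10Z 10.0.0.22 50001 65.21.5.58 443 ALLOW
2022-12-26T15:02:44Z 10.0.0.15 49740 65.21.5.58 24911 DENY
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (\d+) (\S+)$")


def find_c2_hits(log_text, c2_list):
    """Return (line_no, src_ip, action) for every line whose destination is an
    exact ip:port match. The port is part of the match on purpose: the same
    host on another port is not, by itself, evidence of this family's traffic."""
    wanted = {(c.ip, c.port) for c in c2_list}
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate malformed lines rather than abort the sweep
        _ts, src, _sport, dst, dport, action = m.groups()
        if (dst, int(dport)) in wanted:
            hits.append((n, src, action))
    return hits


def find_ip_only_hits(log_text, c2_list):
    """Lower-confidence sweep: line numbers whose destination IP is a C2 host, any port."""
    ips = {c.ip for c in c2_list}
    return [n for n, line in enumerate(log_text.splitlines(), 1)
            if (m := LOG_RE.match(line)) and m.group(4) in ips]


def suricata_rule(c2, sid):
    """Emit a Suricata rule for outbound traffic to one C2 endpoint.
    The sid is an assumption; use one from your local range."""
    return (f'alert tcp $HOME_NET any -> {c2.ip} {c2.port} '
            f'(msg:"RedLine C2 {c2.ip}:{c2.port} botnet {REDLINE_CONFIG["botnet"]}"; '
            f'flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)')


def yara_rule(name="redline_221226_v91azage2v"):
    """YARA rule for memory scans of the unpacked sample. Assumption: the decoded
    C2 and auth_value strings are present in memory, as ASCII or UTF-16 (wide).
    The rule name is an assumption built from the report's sample ID."""
    c2 = REDLINE_CONFIG["c2"][0]
    auth = REDLINE_CONFIG["auth_value"]
    return "\n".join([
        f"rule {name} {{",
        "  strings:",
        f'    $c2 = "{c2}" ascii wide',
        f'    $auth = "{auth}" ascii wide',
        "  condition:",
        "    any of them",
        "}",
    ])
```

On the constructed log, the exact sweep returns the two 24911 connections from 10.0.0.15 (one allowed, one denied, both worth a host triage), while the IP-only sweep also returns the 443 connection from 10.0.0.22, which needs corroboration before it is treated as a RedLine hit. Note the YARA rule only helps against unpacked memory or a decoded dump; the strings are not expected to be visible in the packed file on disk.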
Targets
Target: file.exe
Size: 417KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler, not VBScript)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (the call that process hollowing typically uses to redirect a suspended process's thread into injected code)
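The first and third signatures above describe the same execution pattern from two angles: a .NET compiler binary is launched and its thread context is rewritten. The block below is an added example, not part of the report or of any vendor tooling, showing how a triage script can recover that pattern from Sysmon-style records: process creation (Event ID 1) for a compiler host launched from an unexpected parent or with no compiler arguments, and process access (Event ID 10) where the host is opened with the rights hollowing needs (PROCESS_VM_OPERATION, PROCESS_VM_WRITE, PROCESS_SUSPEND_RESUME). Sysmon does not log SetThreadContext itself, so the handle rights serve as the proxy. The sample records, the parent allow-list and the set of host binaries are assumptions.

```python
"""Triage heuristic for the 'VBS compiler' and SetThreadContext signatures,
run over constructed Sysmon-style records (Event ID 1 and 10 fields only).

Added example; not from the report. Record contents, the allow-list of
expected parents and the host-binary set are assumptions.
"""
import ntpath

# Access-mask bits from the Windows SDK; a hollowing loader needs all three.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
INJECT_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME

# .NET framework binaries commonly used as hollowing hosts (assumption; the
# report only evidences vbc.exe).
HOST_NAMES = {"vbc.exe", "csc.exe", "msbuild.exe", "regasm.exe",
              "regsvcs.exe", "installutil.exe", "applaunch.exe"}
# Parents from which a compiler launch is expected (assumption: developer box).
EXPECTED_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "cmd.exe",
                    "powershell.exe", "vbc.exe", "csc.exe"}


def _name(path):
    """Lower-cased basename; ntpath handles backslashes on any platform."""
    return ntpath.basename(path or "").lower()


def _has_no_args(cmdline):
    """True when the command line is only the image path (quoted or not).
    A compiler started with no arguments has nothing to compile."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        rest = s[end + 1:] if end != -1 else ""
    else:
        rest = s.partition(" ")[2]
    return rest.strip() == ""


# Constructed records (not from the report). Paths and PIDs are invented.
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Users\bob\Downloads\file.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\bob\Downloads\file.exe"'},
    {"EventID": 1, "ProcessId": 4188, "Image": VBC,
     "ParentImage": r"C:\Users\bob\Downloads\file.exe",
     "CommandLine": f'"{VBC}"'},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\Downloads\file.exe",
     "SourceProcessId": 4120, "TargetImage": VBC, "TargetProcessId": 4188,
     "GrantedAccess": "0x1FFFFF"},
    # Benign: a real build launches vbc.exe from MSBuild with a response file.
    {"EventID": 1, "ProcessId": 5012, "Image": VBC,
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": r'vbc.exe /noconfig @"C:\build\obj\Debug\App.rsp"'},
    # Benign: Task Manager querying the process, no write or suspend rights.
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "SourceProcessId": 900, "TargetImage": VBC, "TargetProcessId": 5012,
     "GrantedAccess": "0x1000"},
]


def triage(events):
    """Return (pid, reason, detail) for every indicator found, in event order."""
    findings = []
    for ev in events:
        if ev["EventID"] == 1:
            img, parent = _name(ev["Image"]), _name(ev["ParentImage"])
            if img in HOST_NAMES and parent not in EXPECTED_PARENTS:
                findings.append((ev["ProcessId"], "host_unexpected_parent", parent))
            if img == "vbc.exe" and _has_no_args(ev["CommandLine"]):
                findings.append((ev["ProcessId"], "vbc_no_arguments", ev["CommandLine"]))
        elif ev["EventID"] == 10:
            rights = int(ev["GrantedAccess"], 16)
            if (_name(ev["TargetImage"]) in HOST_NAMES and rights & INJECT_MASK
                    and _name(ev["SourceImage"]) not in EXPECTED_PARENTS):
                findings.append((ev["TargetProcessId"],
                                 "host_opened_with_inject_rights", ev["GrantedAccess"]))
    return findings


def suspects(events):
    """Group findings by target PID: several independent reasons on one
    process are what turns a single weak signal into a case."""
    grouped = {}
    for pid, reason, _detail in triage(events):
        grouped.setdefault(pid, []).append(reason)
    return grouped
```

On the constructed records only PID 4188 is flagged, and on all three counts: launched from the downloaded executable, launched with no compiler arguments, and opened by its parent with write and suspend rights. The legitimate MSBuild-driven vbc.exe and the Task Manager handle produce nothing. In production the allow-list needs tuning per estate, and a vbc.exe that then makes the outbound connection from the Malware Config section is the join that closes the case.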