General
Target: file.exe
Size: 7.2MB
Sample: 230111-2v4s6sef43
MD5: e28ce0b393aed7c4b8e9ecbb95f0b7d3
SHA1: b6578425f8f32ceb1de99131d6f548d6a5aa5dc9
SHA256: 40c0a96435292cd3b28e32f74c251361258f0ac84b3997aac87836ce1d40d556
SHA512: 3da6238dea8f47d3584c00fdd415491ca24bb64c89e150d99bfe446962c720dbeac03b3a788ebeecf3a63993638b46be3ab209727c2d46f3b69da1b9bd5e2657
SSDEEP: 98304:n0WVvfuk8wfHLw1b1BVogPieYhxoV8WOaoG8VI:0WVX5hHLw1vVoH/3ox
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
New1
31.41.244.111:5602
auth_value: babddb30fb126067dae47c2cef901f4b
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext