General
Target: 14ae81efb3075204d1a32a36f15835a6.exe
Size: 241KB
Sample: 230112-ntewrsfg94
MD5: 14ae81efb3075204d1a32a36f15835a6
SHA1: 15886b3731063ace4367eba3d304616b3c79ea8b
SHA256: 3b4f1c256654c777aafbb046222f603abc68b893d1153d493c1ad9c505db8503
SHA512: 30b527cc5b32a63315fc43adc0cb31984475d1fe4024bf119526d3ef3b9292bd5383e64cd30e13e3bcff18152e30f5ba8d2663876743d8193081c57ed5504127
SSDEEP: 3072:QDQQMGKPxDte8QpmjHuGfDbT3gubnBLJi16Zzb2JC3:Q0QMNFte/oOAT3jnBLJi16xb2

Static task: static1

Behavioral task: behavioral1
Sample: 14ae81efb3075204d1a32a36f15835a6.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 14ae81efb3075204d1a32a36f15835a6.exe
Resource: win10v2004-20221111-en

Malware Config
Extracted: redline
3
185.242.86.55:37832
auth_value: 6d2d19febb55544b17de28698fd3b161

Targets
Target: 14ae81efb3075204d1a32a36f15835a6.exe
Size: 241KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext