General
-
Target
06ccee05be0cb619beb6729d90111bb77577c68de4d2a07c60166ce541a6103d
-
Size
1.4MB
-
Sample
230130-hpg8fahe69
-
MD5
fd165fda80732035427ac5c9536506ac
-
SHA1
f23998921c36740a05380fc53c1bc5747a19db05
-
SHA256
06ccee05be0cb619beb6729d90111bb77577c68de4d2a07c60166ce541a6103d
-
SHA512
a58425dc863f6af016233367efed8476cb4177aac90ea623fc0b4df6a4ad3b4df99dc26cf14cc3f61bf24a74ab4043dc3454004e788e6c7e12fb901c8767b9d4
-
SSDEEP
24576:MHWmAFrsR4eEdzvikBXTpH4fGQDt7R61rvu6xQd0px1xr52itKQCE16SOtF:9sRsd3BDpH4fGK01q68WFEisTEESO
Malware Config
Extracted
redline
main
birja1.com:29658
-
auth_value
7a6d3334d5db5d02c16eec7633780063
Targets
-
-
Target
06ccee05be0cb619beb6729d90111bb77577c68de4d2a07c60166ce541a6103d
-
Size
1.4MB
-
MD5
fd165fda80732035427ac5c9536506ac
-
SHA1
f23998921c36740a05380fc53c1bc5747a19db05
-
SHA256
06ccee05be0cb619beb6729d90111bb77577c68de4d2a07c60166ce541a6103d
-
SHA512
a58425dc863f6af016233367efed8476cb4177aac90ea623fc0b4df6a4ad3b4df99dc26cf14cc3f61bf24a74ab4043dc3454004e788e6c7e12fb901c8767b9d4
-
SSDEEP
24576:MHWmAFrsR4eEdzvikBXTpH4fGQDt7R61rvu6xQd0px1xr52itKQCE16SOtF:9sRsd3BDpH4fGK01q68WFEisTEESO
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-