General
Target: ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
Size: 260KB
Sample: 230206-17ppcagb55
MD5: 5d8f1243dce027bc2aba017ab5cf94b1
SHA1: 6248d602631b088c598f458ae7f28fdd0c937574
SHA256: ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
SHA512: f3d8a8bfaca6448bee4a662494694f386b26ca2399a7a593f062ffc4e0e5c2dae88b96730323c43ddb5b94d59381c13df7db4d542bd907359020714fac073004
SSDEEP: 3072:MPs3ojNeRHmbT7j755lonGJvOueqO/XDA3hDDJ5fCiTQn2AsuLxGjJltSA+iY:MkojWHUTPjVlOPDA3hDDJ5fCTAhY
Static task: static1
Behavioral task: behavioral1
Sample: ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
95.217.146.176:4285
auth_value: a909e2aaecf96137978fea4f86400b9b
Targets
Target: ee54ff194cf6b943f2e978d2cf0c0c0f152621069e47c6d108b9a7db38270238
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext