General

Target: file
Size: 894KB
Sample: 230206-yz1qjaff99
MD5: f6f9f20c6d8deb6b59771153ba09ea6e
SHA1: b95a95a4a6bc28656c95c49f2df528c41cd0afa4
SHA256: 0c7e767a14e8e18e4764fb71e0af2f50a556c7ec6f900ac486d656067835c2f9
SHA512: 45edcbdb9a37d5dd0cd05b8e274b944c250f842bed5bbeb171b66e32269f62fc823c9380aa8abe82a100328d52fd51e252a378a3b150d5866227270053e9e548
SSDEEP: 12288:3hJMAgttxlpdhVZNRqrLJS/3Am07Kyv2uqg9YXNreTl/0bvtp:3hzrLJSISyv2uqg9Yo/6p
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config

Extracted:
redline
new
212.8.246.130:18556
auth_value: f6b61af86ca1022111ea330530090926
Targets

Target: file
Size: 894KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext