General
Target: 4be4fa96fca0882f20c11f0e5217486b.exe
Size: 251KB
Sample: 230223-q65n3ahh3x
MD5: 4be4fa96fca0882f20c11f0e5217486b
SHA1: e5f16d07a554a1c2a4482a84b058f73cb9e757c7
SHA256: 94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a
SHA512: f7d2f3f37aa840a5402be801239f15855892a48bf9eca998e8c459da83e52fd6e8b68e066d3657936ea1022a0a381e4b9800d7adb75756ece22be4fb3da27635
SSDEEP: 6144:GGCY4I6GKyqr9YGzoUQbTmvYcR+C+eEO7wO:GGCY949YGW4R+CBE8
Static task: static1
Behavioral task: behavioral1 (Sample: 4be4fa96fca0882f20c11f0e5217486b.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: 4be4fa96fca0882f20c11f0e5217486b.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: redline
Sup
45.15.156.223:42971
auth_value: 472a180e669f28c84ebddeebf18234c8
Targets
Target: 4be4fa96fca0882f20c11f0e5217486b.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext