General
Target: 4be4fa96fca0882f20c11f0e5217486b.bin
Size: 129KB
Sample: 230225-bk29gsbd7z
MD5: 17d1bc30e59a25146f8d9294d67355b4
SHA1: 8b17f25dc0b9f3d57186462a6e9d8568594028f4
SHA256: 9d349a85859fede2540d74d39ea7a84f14a99ef38657ffe696ac999f8949fe0d
SHA512: f380b72b70fe77fff09684988f1481e70f518c86818aaeb20cfada06b94a9512a6f1626a7d83b89f97cb7ae9ed74002ab231919004bb0a15d0dfaa544447e175
SSDEEP: 3072:YY6cjlFfcmAPtOGnhriYcojUodZ9ZN4xV6s50694bxn:B607fHANMmjUM3anhqb5
Static task: static1
Behavioral task: behavioral1
  Sample: 94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Sup
45.15.156.223:42971
auth_value: 472a180e669f28c84ebddeebf18234c8
Targets
Target: 94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a.exe
Size: 251KB
MD5: 4be4fa96fca0882f20c11f0e5217486b
SHA1: e5f16d07a554a1c2a4482a84b058f73cb9e757c7
SHA256: 94c4cbafa8293577b9617a5e3f7f71041fb9f9b9251c1efbf5e70fe9a9b30b1a
SHA512: f7d2f3f37aa840a5402be801239f15855892a48bf9eca998e8c459da83e52fd6e8b68e066d3657936ea1022a0a381e4b9800d7adb75756ece22be4fb3da27635
SSDEEP: 6144:GGCY4I6GKyqr9YGzoUQbTmvYcR+C+eEO7wO:GGCY949YGW4R+CBE8
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext