General
Target: f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
Size: 6.0 MB
Sample: 230310-jkxm1adh7z
MD5: 0be2195f5329e5298df9d85c30f812cc
SHA1: 302d3acb2bdd6e8f203f4cd822b8e689e659c4e8
SHA256: f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
SHA512: ccce3ba10cf76755b410ec6d0116e3895d340c366c2a30d139e1852db385623f2d6d024943068dcd33850ac61be9010f86a489caecf3440b48d6c7a507255c8c
SSDEEP: 98304:38idyGwWZvY2uWaoOzzxi1/6ONVF+Zcfwmb2du3mUiHFE8IUL7vlhEx:siUGwWZvY2FOzFi/+coM2g3mUAuLUL7g
Static task: static1
Behavioral task: behavioral1
Sample: f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba.exe
Resource: win10-20230220-en
Malware Config

Extracted: redline
Botnet: 2
C2: 176.113.115.220:80
Attributes: auth_value = 1c7e8b342a4b74a6ab7150111e59bcde

Extracted: vidar
Version: 2.9
Botnet: e8ae4cffdc2bb11850a1df8815a395df
C2: https://t.me/nemesisgrow
C2: https://steamcommunity.com/profiles/76561199471222742
C2: http://65.109.12.165:80
Attributes: profile_id_v2 = e8ae4cffdc2bb11850a1df8815a395df

Note on the Vidar entries: the t.me channel and the steamcommunity.com profile are dead-drop resolvers, public pages whose content carries the live C2 address, not C2 servers themselves. Block the IP:port endpoints outright; treat the two URLs as indicators to monitor (and as values that can change the real C2 without a new sample) rather than as hosts to blackhole, since blocking those domains wholesale causes collateral.
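Turning the extracted config above into structured IOCs, as an added example that is not part of the sandbox report or of any tool it was produced with. The input text is constructed inline from the report's own Malware Config values; the set of dead-drop hosts (t.me, steamcommunity.com) is an assumption of this example, chosen because those are the hosts that appear in the Vidar config, and the field names "fields" and "attrs" are the example's own.

```python
"""Normalise a flat sandbox 'Malware Config' listing into typed IOCs.

Added example: parses the report's extracted-config text, separates direct
C2 endpoints (block outright) from dead-drop resolver pages (monitor), and
keeps each family's attributes (auth_value, profile_id_v2) for pivoting.
"""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Assumption of this example: hosts that stealers use only as dead-drop
# resolvers. The page at such a URL carries the real C2; the host is not C2.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}

# Constructed input: the report's Malware Config section, verbatim values.
REPORT_CONFIG = """\
Extracted
redline
2
176.113.115.220:80
-
auth_value
1c7e8b342a4b74a6ab7150111e59bcde
Extracted
vidar
2.9
e8ae4cffdc2bb11850a1df8815a395df
https://t.me/nemesisgrow
https://steamcommunity.com/profiles/76561199471222742
http://65.109.12.165:80
-
profile_id_v2
e8ae4cffdc2bb11850a1df8815a395df
"""

HOST_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def classify(value):
    """Return (ioc_type, host, port) for a C2-looking line, else None."""
    m = HOST_PORT.match(value)
    if m:
        try:
            ipaddress.ip_address(m.group(1))  # reject e.g. 999.1.1.1
        except ValueError:
            return None
        return ("c2_ip", m.group(1), int(m.group(2)))
    if value.startswith(("http://", "https://")):
        u = urlparse(value)
        port = u.port or (443 if u.scheme == "https" else 80)
        kind = "dead_drop" if u.hostname in DEAD_DROP_HOSTS else "c2_url"
        return (kind, u.hostname, port)
    return None


def parse_config(text):
    """Split the flat text into one dict per 'Extracted' family block.

    Layout assumed (as in the report): 'Extracted', family name, free-form
    fields (botnet/version), C2 lines, then '-' followed by name/value pairs.
    """
    blocks, cur, in_attrs, pending = [], None, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Extracted":
            cur = {"family": None, "fields": [], "iocs": [], "attrs": {}}
            blocks.append(cur)
            in_attrs, pending = False, None
            continue
        if cur is None:
            continue
        if line == "-":
            in_attrs, pending = True, None
            continue
        if cur["family"] is None:
            cur["family"] = line
            continue
        if in_attrs:  # attribute name, then its value on the next line
            if pending is None:
                pending = line
            else:
                cur["attrs"][pending] = line
                pending = None
            continue
        ioc = classify(line)
        if ioc:
            cur["iocs"].append({"type": ioc[0], "host": ioc[1], "port": ioc[2], "raw": line})
        else:
            cur["fields"].append(line)
    return blocks


def direct_c2(blocks):
    """host:port pairs that can be blocked outright (not dead-drop resolvers)."""
    return sorted({f"{i['host']}:{i['port']}" for b in blocks for i in b["iocs"]
                   if i["type"] in ("c2_ip", "c2_url")})


def dead_drops(blocks):
    """Resolver URLs to watch: their content, not the host, points at the C2."""
    return sorted(i["raw"] for b in blocks for i in b["iocs"] if i["type"] == "dead_drop")


if __name__ == "__main__":
    parsed = parse_config(REPORT_CONFIG)
    print(json.dumps({"families": parsed, "block": direct_c2(parsed),
                      "monitor": dead_drops(parsed)}, indent=2))
```

Run it as a script to get a JSON document with the two families, a block list containing only the two IP:port endpoints, and a monitor list with the Telegram and Steam URLs; the `attrs` entries carry the per-campaign identifiers that are the most useful pivot across samples.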
Targets

Target: f6db72c05e52647a5876470d56f4fb7751f4f0947d9aba5ef21eac60528c73ba
Size: 6.0 MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext (redirecting a thread's context this way is a common step in process hollowing and other code-injection techniques)