General
Target: file.exe
Size: 275KB
Sample: 230311-s1xglsaa92
MD5: 4b4fcb4bf098de394c89c6aa6eb0480e
SHA1: 75d41d02227f70002f15e963ec774f6269e7383d
SHA256: f98254fc054ad990b23b14f0f1ec3ed61bbe43db4f44cc0ac8510b886b4c6c62
SHA512: 0a3f2f96054f9339c73857569bd3a9fc1f0d1050434f883b437b99508da4b23f45a0e7f712a8d841c3d37525eb393c45e7ae538816dee4a40a18bf315e4517cf
SSDEEP: 3072:W3ulWbph6qoA3xKaay6YtbtauzZvBW3oXd9jxfwjKosZUvEz/SV0efZXGkvwg2:W3ulIpQnA3xIOxauVvsYXlfwjXTVkkIB
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
TG
185.244.182.218:2027
auth_value: 797af1930057d299397fd39ab31da9cc
Targets
Target: file.exe
Score: 10/10
Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext