General
Target: 6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8
Size: 261KB
Sample: 230320-bgnlxsba43
MD5: d4dc65ad800c813f2620480ea13465c8
SHA1: 706b23422f53bf4b77145621d537084686b1a84a
SHA256: 6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8
SHA512: a9500576f848ef86a522f19ac9b7b3cdacc2e03b38a188ef13afa11b48cd12af9f23dc838f1cfed2bf1e7b3d82a7cfdcf6e83add97191ede5a8a8011424f5608
SSDEEP: 3072:BQdvD31Z02yTrCF9Cfvw75RatnY1X5EHKn3aMZU8aC1arKkeY0YvFPtftqtyJxI/:BQtFKvCF9CfveRwnAAkZy8aeYFBtM
Static task: static1
Behavioral task: behavioral1
  Sample: 6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8.exe
  Resource: win10-20230220-en
Malware Config
Extracted family: redline
Botnet: build_main
C2: 80.85.156.168:20189
auth_value: 5e5c9cacc6d168f8ade7fb6419edb114
Targets
Target: 6fda74eb6edbc572002d77d77ce0818d03faedd0be77367ffd02e44ff0e595c8 (same sample and hashes as listed under General)
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext