General
Target: 1b593af8090548ec0dde5e4caf6f6f66.exe
Size: 755KB
Sample: 230323-17ffnsae38
MD5: 1b593af8090548ec0dde5e4caf6f6f66
SHA1: 68a50bafece742232199a75ed34e50b10407f3e9
SHA256: 2d63e04f5e4cad715c71a925993248d53d2a14f9289efb9be2725479d41ab917
SHA512: 0a95c4f8a9ac155157419d0ccb4ecce5672c0922e94451d34d337a77166d6a08ac1b1f8fc93fccb357f1deae4b43e5729b8f22a974f4d5eac86c5ebfd5a9157f
SSDEEP: 12288:fsT8jeFG6sFwXAUL0J1o+4J1o+4J1o+4J1o+4J1o+4J1o+D:f6E76QwQUYyyyyy9
Static task: static1
Behavioral task: behavioral1
Sample: 1b593af8090548ec0dde5e4caf6f6f66.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1b593af8090548ec0dde5e4caf6f6f66.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: 15
C2: 94.142.138.175:46919
auth_value: 41a7d046ed64a7174cc0fcdc3fd569b8
Targets
Target: 1b593af8090548ec0dde5e4caf6f6f66.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext