General

Target: 23f741b52b7e87e1c60fc0bf01380131.exe
Size: 393KB
Sample: 230323-a73cbsed5y
MD5: 23f741b52b7e87e1c60fc0bf01380131
SHA1: 6be433e4825265e741d8aeb33da2474208e5a2fe
SHA256: 7580eaafc8deefaf9bee2fd30c112524cbc43418d5870e9c25438517a3b6d499
SHA512: 483dcf9b6a21d3f844842b9a1140dbe364dab0d7e22d886d534b32f3a4e1999c9f06ee357be45c442ac5d3f02520b88e6725159d6a41933b0f8ea0c328cf0b3f
SSDEEP: 6144:hA6OjImSHcpokzKplu+ovoLrliRlSme7KQt5jJ2:W6zmSH6okeu+UVlbm3N2
Static task: static1

Behavioral task: behavioral1
Sample: 23f741b52b7e87e1c60fc0bf01380131.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 23f741b52b7e87e1c60fc0bf01380131.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
2
C2: 178.63.132.245:3917
auth_value: 223a2fde8aedbf1df1b3b713ea46ca51
Targets

Target: 23f741b52b7e87e1c60fc0bf01380131.exe
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext