General

Target: d54c611206f44e7cad6d84e74601a2c68c29e49ebc4183b4cdf1002816a431b8.exe
Size: 1.3MB
Sample: 230323-eg3bvsdd46
MD5: 2980fb50198e1b65a18dbbffec913abe
SHA1: c0f5e90552753c370fc2b1669a1127bab1aa6f19
SHA256: d54c611206f44e7cad6d84e74601a2c68c29e49ebc4183b4cdf1002816a431b8
SHA512: 3b8dbc9ddca5817f86158d13b12ad792ea51bd6adbd29fa4edcee1e440e33232d4d4cca3a4dd485128a6f6eef7a10416621202c3677af5ae5458c0c1612f4c5e
SSDEEP: 12288:N1esTpAql2Gh6YNqbCNqbCNqbCNqbCNqbCNqbk:N1es1VLQYNqWNqWNqWNqWNqWNq4
Static task: static1

Behavioral task: behavioral1
Sample: d54c611206f44e7cad6d84e74601a2c68c29e49ebc4183b4cdf1002816a431b8.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: d54c611206f44e7cad6d84e74601a2c68c29e49ebc4183b4cdf1002816a431b8.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted family: redline
Botnet (build label): install
C2: 82.115.223.60:32364
auth_value: c5ab9379e44625110c1865b18c6df03d

The C2 is a bare IP on a non-standard port, so it can be hunted directly in egress firewall or proxy logs without DNS data. The auth_value is the token the client presents to the panel; it is specific to a build, which makes it useful for clustering samples from the same operator even when the C2 address changes.
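As an added example that is not part of the sandbox report, the following Python turns the extracted indicators (C2 host and port, auth_value, MD5 and SHA256) into a small offline hunt. The log lines, their format and the internal addresses are constructed for the example; the indicator values are the ones listed above.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report above.
C2_HOST = "82.115.223.60"
C2_PORT = 32364
AUTH_VALUE = "c5ab9379e44625110c1865b18c6df03d"
SAMPLE_SHA256 = "d54c611206f44e7cad6d84e74601a2c68c29e49ebc4183b4cdf1002816a431b8"
SAMPLE_MD5 = "2980fb50198e1b65a18dbbffec913abe"

# Constructed egress-firewall log lines in a hypothetical format (not from the report).
SAMPLE_LOGS = """\
2023-03-23T14:01:02Z ALLOW tcp 10.0.0.21:51234 -> 142.250.74.46:443
2023-03-23T14:01:05Z ALLOW tcp 10.0.0.21:51240 -> 82.115.223.60:32364
2023-03-23T14:01:09Z DENY  tcp 10.0.0.33:49811 -> 82.115.223.60:443
2023-03-23T14:02:11Z ALLOW tcp 10.0.0.21:51250 -> 82.115.223.60:32364
"""

CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


@dataclass
class Hit:
    line_no: int
    reason: str
    src: str
    line: str


def scan_connections(log_text: str, host: str = C2_HOST, port: int = C2_PORT) -> list[Hit]:
    """Return every line whose destination matches the extracted C2.

    An exact host:port match is the high-confidence case. A match on the host
    alone is still reported, because RedLine builds are re-pointed often and
    the same server may be reused on another port; those need manual review.
    """
    hits: list[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = CONN_RE.search(line)
        if not m:
            continue
        if m["dst"] == host and int(m["dport"]) == port:
            hits.append(Hit(n, "C2 host:port match", m["src"], line))
        elif m["dst"] == host:
            hits.append(Hit(n, "C2 host on another port (verify)", m["src"], line))
    return hits


def infected_hosts(log_text: str) -> set[str]:
    """Distinct internal sources that reached the exact C2 endpoint."""
    return {h.src for h in scan_connections(log_text) if h.reason == "C2 host:port match"}


def hash_matches(data: bytes) -> dict[str, bool]:
    """Check a quarantined file's bytes against the MD5 and SHA256 listed in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


def auth_value_present(blob: bytes) -> bool:
    """Look for the extracted auth_value in a memory dump or unpacked payload.

    RedLine is .NET, so strings are normally UTF-16LE in memory; the ASCII
    form covers dumps that were already decoded by another tool.
    """
    return AUTH_VALUE.encode("ascii") in blob or AUTH_VALUE.encode("utf-16-le") in blob


if __name__ == "__main__":
    for h in scan_connections(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.reason}: {h.line}")
    print("hosts that reached the C2:", sorted(infected_hosts(SAMPLE_LOGS)))
```

Run it as-is to see the two exact matches and the one host-only match from the constructed logs; point `scan_connections` at real export text with the same `src:port -> dst:port` shape, or adjust `CONN_RE` for your log format.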
Targets

Target: d54c611206f44e7cad6d84e74601a2c68c29e49ebc4183b4cdf1002816a431b8.exe
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

The first and third signatures together are the usual RedLine loader pattern: a .NET compiler process (typically vbc.exe) is spawned and its main thread is redirected with SetThreadContext, which is the process-hollowing technique, so the stealer payload runs under the compiler's process name rather than the sample's. When triaging endpoint telemetry, look for vbc.exe with this sample as its parent and with a command line that does not match a real build, and treat that child process as the one making the C2 connection.