General
Target: 0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f.zip
Size: 3.3MB
Sample: 230328-md19dscb5t
MD5: 158ecfd6954c8a12e4a57c987ae52743
SHA1: e645681217455432e61fdcca30818bf2dc423777
SHA256: 5889701edea47f9066444e22416768b6ce8161882d9b674bd4ff396a7b6894a3
SHA512: c33f65966621c7e2280d84fdd19a59c62bf088b88c14e09559e88f394ef67eb826e6cf4ef1279d170cc294b8d977eec63c5d864c1b41a656424aff54075d2c7c
SSDEEP: 98304:JE41SPmXk+yJgWGanXX7WbnHzEWvojLcirrKyQXoN+WgA:BSujWRnXXybT8HyPXoNRgA
Behavioral task: behavioral1
Sample: 0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
TEAMSHTORM2
89.23.96.71:23288
auth_value: 72fd180664c5b4a9157fac724352167e
Targets
Target: 0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f
Size: 6.9MB
MD5: 847659c3764c1df0df42572d18d7a665
SHA1: bbeec55f6d2331c2777e392879e1766a5f5452c9
SHA256: 0310e4f7a30db33bf134c69f08857b5bd5ca68b1bb64e5797bb05405061a5d3f
SHA512: b3e3e8e537dc6501640bfba489f40ead6fe4d802ba0889cc82d12e7024dc0171cda5f938b5a91792af519512df4560a6e8ec2c89278132d3e038db00310e3c31
SSDEEP: 49152:bFk1xJD5Wlgqinnm4upZ5oE7tQmLs0CNMMkxQwCmb6ApweeqNpdRPGa3:bi1nnm4uBtLAMDKmbve8dR
Score: 10/10

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext