General

Target: 0671e541dd49a75a51d3190702aa9a61.exe
Size: 294KB
Sample: 230402-t1cymshc79
MD5: 0671e541dd49a75a51d3190702aa9a61
SHA1: 4b259b247e91d05518f998c1d2e0f1456b5392b2
SHA256: 2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec
SHA512: af59e97b416b5e035f4b676b28fd4d81d103299f5e934b3a8b3cf01a393931dfd0a4a0878ee79157e5df6aadacd5436e07e352e16d9fc3d747ab514cf320cb7d
SSDEEP: 3072:XhVbaRGSFaMmFWFu8RYN2yDc4TqkuqCMisloA4dKfslVBVNovhSxov3xB4XhfxV:y3mFW8bc5jMrloA40fsVVESyvn4l
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 0671e541dd49a75a51d3190702aa9a61.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 0671e541dd49a75a51d3190702aa9a61.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted
  Family: redline
  Botnet: 10
  C2: 89.22.237.107:24535
  auth_value: 6b5e517291c4d46e2fb551701ebd3f2f
Targets

Target: 0671e541dd49a75a51d3190702aa9a61.exe
Size: 294KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General above
Score: 10/10

Signatures
  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Suspicious use of SetThreadContext
    (SetThreadContext on another process's thread is the step that redirects execution in process hollowing / thread-hijacking injection; on its own it is a heuristic, not proof of a specific technique.)
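The report above is essentially a set of indicators: four file hashes, a fuzzy hash, and an extracted C2 endpoint. The script below is an added example, not part of the report or of any sandbox tooling, showing how a responder would turn those indicators into a hunt: it sanity-checks the copied hashes (a truncated digest silently matches nothing), hashes arbitrary files with all four algorithms in one pass and compares them to the report, and scans firewall-style log lines for the C2 address, distinguishing an exact host+port hit from a host-only hit. The log lines and the `dst=... dport=...` format are constructed for the example; the hash values and C2 come from the report. The sample itself is not included.

```python
"""IOC matcher built from the indicators in the RedLine report above (added example)."""
import hashlib
import re
import tempfile

# File hashes exactly as listed in the report (the sample itself is NOT included here).
IOC_HASHES = {
    "md5": "0671e541dd49a75a51d3190702aa9a61",
    "sha1": "4b259b247e91d05518f998c1d2e0f1456b5392b2",
    "sha256": "2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec",
    "sha512": "af59e97b416b5e035f4b676b28fd4d81d103299f5e934b3a8b3cf01a393931dfd0a4a0878ee79157e5df6aadacd5436e07e352e16d9fc3d747ab514cf320cb7d",
}
# Extracted RedLine C2 from the report's Malware Config section.
C2_HOST = "89.22.237.107"
C2_PORT = 24535

# Expected hex digest lengths; catches a hash that was truncated while copying from the report.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed firewall log lines (assumed "dst=IP dport=PORT" format), not from the report.
SAMPLE_LOG = [
    "2023-04-02T15:01:10Z fw action=allow src=10.0.0.12 dst=89.22.237.107 dport=24535 proto=tcp",
    "2023-04-02T15:01:11Z fw action=allow src=10.0.0.12 dst=203.0.113.10 dport=443 proto=tcp",
    "2023-04-02T15:02:30Z fw action=deny src=10.0.0.33 dst=89.22.237.107 dport=80 proto=tcp",
]


def ioc_hashes_well_formed(hashes=IOC_HASHES):
    """True if every hash is hex of the right length for its algorithm."""
    return all(
        len(v) == DIGEST_HEX_LEN[k] and re.fullmatch(r"[0-9a-fA-F]+", v) is not None
        for k, v in hashes.items()
    )


def hash_file(path, chunk_size=1 << 20):
    """Compute md5/sha1/sha256/sha512 of a file in a single streaming pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_matches(path, hashes=IOC_HASHES):
    """Names of the algorithms whose digest of `path` equals the reported IOC value."""
    digests = hash_file(path)
    return [name for name, value in hashes.items() if digests[name] == value.lower()]


# Pulls destination IP and port out of the assumed key=value log format.
_DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b.*?\bdport=(?P<port>\d+)\b")


def c2_hits(log_lines, host=C2_HOST, port=C2_PORT):
    """Return (line, severity) for lines whose destination is the reported C2.

    severity is "host+port" when address and port both match, and "host" when only
    the address matches; an address-only hit still deserves a look.
    """
    hits = []
    for line in log_lines:
        m = _DST_RE.search(line)
        if not m or m.group("ip") != host:
            continue
        hits.append((line, "host+port" if int(m.group("port")) == port else "host"))
    return hits


def write_temp_file(data):
    """Write bytes to a temporary file and return its path (used for local testing)."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        return tmp.name


if __name__ == "__main__":
    if not ioc_hashes_well_formed():
        raise SystemExit("an IOC hash is malformed; re-copy it from the report")
    for line, severity in c2_hits(SAMPLE_LOG):
        print(severity, line)
    placeholder = write_temp_file(b"benign placeholder, not the sample")
    print("hash matches for placeholder file:", file_matches(placeholder))
```

Exact digests are brittle: a single byte changed by a repacker breaks all four, which is why the report also carries an SSDEEP value; comparing it needs the `ssdeep` library and is left out here. For ongoing hunting the C2 endpoint and the `auth_value` from the extracted config tend to outlive any one packed build.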