General
- Target: 0671e541dd49a75a51d3190702aa9a61.bin
- Size: 161KB
- Sample: 230404-bdvaasdh2w
- MD5: f70c4b9156b74fbfd6b4e6e3fcebe3f2
- SHA1: a83fdcdae6c006c19fdaae0682bda10ac0306de9
- SHA256: 41277a31f0af811fa594a9c4aaf9dbbb3155c3dd276f8fa9318f4e7689bfe0ab
- SHA512: 4f18ae8b7481f14aa6333f4ce78e9703c0412a8725533d1d18c234452aea3c6bd723d08feb48a5e3896a796198d91d9d67a001955e9987f612f0499a8306d141
- SSDEEP: 3072:huO1mKE6pDX2nY/aHLRT77Wq7lGUyhE5c+Zz0bAVo7fG:huCrEGX2nLH7WBPhE5cAwIOu
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: 2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- 10
- C2: 89.22.237.107:24535
- auth_value: 6b5e517291c4d46e2fb551701ebd3f2f
Targets
- Target: 2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec.exe
- Size: 294KB
- MD5: 0671e541dd49a75a51d3190702aa9a61
- SHA1: 4b259b247e91d05518f998c1d2e0f1456b5392b2
- SHA256: 2d48bc00f7f660d2c78d3a01559ca4a8e16761fc074d225ab6af4954b80282ec
- SHA512: af59e97b416b5e035f4b676b28fd4d81d103299f5e934b3a8b3cf01a393931dfd0a4a0878ee79157e5df6aadacd5436e07e352e16d9fc3d747ab514cf320cb7d
- SSDEEP: 3072:XhVbaRGSFaMmFWFu8RYN2yDc4TqkuqCMisloA4dKfslVBVNovhSxov3xB4XhfxV:y3mFW8bc5jMrloA40fsVVESyvn4l
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext