General
Target: b80208db87959b5ab939dde5d35dec7b.exe
Size: 1.1MB
Sample: 230608-dwbl1sbe32
MD5: b80208db87959b5ab939dde5d35dec7b
SHA1: e0800c8d84f50f2b2f5a1d5a415ba5e7fd375a17
SHA256: 74206dad60a538ee15736cbb16144ec2e6efaeff136704a08a202b3d527c3339
SHA512: c8aad8e723b1e9fb972e80cc8904124f4170fcafe30cc2836236c77144590464fabbbe05071f6f6bf5bc8d6df00f4fc28ec0fc088e603ad5c4ed1a2ae96e6f20
SSDEEP: 6144:yJQDHOWz0mlq04FwbiajNhbxFZ8Z0AO+lA+xhGF5HMwEYO+3uwsTnshYar:y4HVPq9Fwbi0iAF5oYjUjiYQ
Static task: static1
Behavioral task: behavioral1
Sample: b80208db87959b5ab939dde5d35dec7b.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: b80208db87959b5ab939dde5d35dec7b.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
redline
2
95.216.249.153:81
auth_value: 101013a5e99e0857595aae297a11351d
Targets
Target: b80208db87959b5ab939dde5d35dec7b.exe
Size: 1.1MB
MD5: b80208db87959b5ab939dde5d35dec7b
SHA1: e0800c8d84f50f2b2f5a1d5a415ba5e7fd375a17
SHA256: 74206dad60a538ee15736cbb16144ec2e6efaeff136704a08a202b3d527c3339
SHA512: c8aad8e723b1e9fb972e80cc8904124f4170fcafe30cc2836236c77144590464fabbbe05071f6f6bf5bc8d6df00f4fc28ec0fc088e603ad5c4ed1a2ae96e6f20
SSDEEP: 6144:yJQDHOWz0mlq04FwbiajNhbxFZ8Z0AO+lA+xhGF5HMwEYO+3uwsTnshYar:y4HVPq9Fwbi0iAF5oYjUjiYQ
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext