General
-
Target
ecb1b0aba8a05ccab25debd3e571f4201541a168fe3ef485bc21987b72202d90
-
Size
308KB
-
Sample
230608-r9w2rsgh8s
-
MD5
3a94a6257a54c7067d6734fbca7908ef
-
SHA1
daf2f1d1f5a5e2f485091e57b2ca71a270c51db8
-
SHA256
ecb1b0aba8a05ccab25debd3e571f4201541a168fe3ef485bc21987b72202d90
-
SHA512
e8a8b2c09a0938a853af0174a4dcfe816b59833da1422e66406cc4a7fb8f2af82b5c4055777267af586df80b857b7f624812bfa4a3ee99a8485facfdce2966c1
-
SSDEEP
6144:aJiekRFHLXwvTygXUNVS4MGh1aBFrvz1xcxcVtEP:aJ4RCyR1aBFrvz1xcxyEP
Malware Config
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
ecb1b0aba8a05ccab25debd3e571f4201541a168fe3ef485bc21987b72202d90
-
Size
308KB
-
MD5
3a94a6257a54c7067d6734fbca7908ef
-
SHA1
daf2f1d1f5a5e2f485091e57b2ca71a270c51db8
-
SHA256
ecb1b0aba8a05ccab25debd3e571f4201541a168fe3ef485bc21987b72202d90
-
SHA512
e8a8b2c09a0938a853af0174a4dcfe816b59833da1422e66406cc4a7fb8f2af82b5c4055777267af586df80b857b7f624812bfa4a3ee99a8485facfdce2966c1
-
SSDEEP
6144:aJiekRFHLXwvTygXUNVS4MGh1aBFrvz1xcxcVtEP:aJ4RCyR1aBFrvz1xcxyEP
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-