General
Target: e80944ad1b3d3757b5f097275ff7aa71.bin
Size: 203KB
Sample: 230610-c2pv6aea94
MD5: 600e26267934643b3f93c82d64bd7205
SHA1: 28b3a9d36a9332efbb357286107204f9daa0d122
SHA256: b2ecf0ed4b380ac43e18582a7fe53bbe8d7f8a408c787efc08dac933c90099e2
SHA512: d0571edb3f5de2ae1840ea91195973fbc93e38b0800223cea454859e0cf60be6f94f4d4fcfde439dc23825535811408c368f1169463881033e3ff62012d6b540
SSDEEP: 3072:k+emajWGfsSDObaUuxnkjZLs3pUe8vp+KqdSf/r4qT+MARsRYSCeiQBP64dBo5:Zw9amWjZLs3mZaKt+3RsuciQs4ds
Static task: static1

Behavioral task: behavioral1
Sample: d322cd714f9a91593e01dfe061b4b6983cf70c4b9e2321dcd45a55ffa79303c8.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: d322cd714f9a91593e01dfe061b4b6983cf70c4b9e2321dcd45a55ffa79303c8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: vcxz
C2: 185.244.181.112:39640
auth_value: c3f64556104479e612e28b2f8aaf39e5
Targets
Target: d322cd714f9a91593e01dfe061b4b6983cf70c4b9e2321dcd45a55ffa79303c8.exe
Size: 1.0MB
MD5: e80944ad1b3d3757b5f097275ff7aa71
SHA1: 6271aaebc264ba1c6e42c9a7d109270eaeac52ce
SHA256: d322cd714f9a91593e01dfe061b4b6983cf70c4b9e2321dcd45a55ffa79303c8
SHA512: 11284c5d8030114f228e9fe7b73d70f56dbe362c399728284d50b324131579ef049593db4315107a533ee5945b997b77d235ae921a3cd0be44d1b5a038c37dbd
SSDEEP: 6144:iwZTqmvKC3kd49fAzyym05F7vfbAOsolBoQBV3Kf6Ww5LNZfT3wPY6kuYw:iWqmSOky9fAzTOu46WwL1whpYw
Score: 10/10

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext