General

Target: cbe8af1bd5f5737ee10311bf3b2009c4.bin
Size: 138KB
Sample: 230610-ctqgqaeg5s
MD5: c1a9a6da9a42c502da32a49de0e961fc
SHA1: 96680de5e6926e57f4060986ca1264fd60178839
SHA256: 737edd04a475bfd87b9f7549eaada5b6a445b64972db3aa3e0f55b7d82107c03
SHA512: da61bf8307ed1103830b56e039be8c3637a57568859f4304547bf472ed52b47a6b648359bc3464eac78afd828f1eb2a481fa7815421bf6a662214a68a24da95f
SSDEEP: 3072:stQML3vRsnqYmK2JSsrhvgqnz9QWusnbuuuK2Pv4llMiSjXWsP2ml:stlLfJM23SE9tnburK2Pv6lMiS7x2S
Static task: static1

Behavioral task: behavioral1
Sample: 06a152194976346ea573394df32e58244ec5f1d9f97008d1fd69ae7146f47c4f.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 06a152194976346ea573394df32e58244ec5f1d9f97008d1fd69ae7146f47c4f.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted
Family: redline
Botnet: lux3
C2: 176.123.9.142:14845
Attributes: auth_value = e94dff9a76da90d6b000642c4a52574b
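The extracted config above is the actionable part of the report: the C2 endpoint and botnet name are what a responder turns into network detections. The following is an added example, not part of the sandbox report, that parses that config into indicators, checks constructed Zeek-style conn.log lines against them (distinguishing an exact host:port match from the same host on another port), and emits a Suricata rule for the exact endpoint. Only the C2, botnet name and auth_value come from the report; the log lines and the rule's `sid` are assumptions for the example.

```python
# Added example (not part of the sandbox report): turn the extracted RedLine
# config into network indicators and check connection-log lines against them.
# The log lines below are constructed; only the values in EXTRACTED_CONFIG
# come from the report.
import ipaddress

# Copied from the report's "Malware Config / Extracted" block.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "lux3",
    "c2": "176.123.9.142:14845",
    "auth_value": "e94dff9a76da90d6b000642c4a52574b",
}


def parse_c2(c2):
    """Split 'host:port' into (host, port), requiring host to be an IP literal."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError if host is not an IP address
    return host, int(port)


# Constructed Zeek-style conn.log excerpt (tab separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = (
    "1686400001.123\tCx1\t10.0.0.5\t51422\t176.123.9.142\t14845\ttcp\n"
    "1686400002.456\tCx2\t10.0.0.5\t51423\t142.250.74.36\t443\ttcp\n"
    "1686400003.789\tCx3\t10.0.0.7\t51424\t176.123.9.142\t80\ttcp\n"
)


def find_c2_connections(log_text, c2):
    """Return connections to the C2 host.

    An exact host:port match is 'high' confidence. Traffic to the same host
    on another port is reported as 'medium': the report only attests to this
    one port, but a server hosting a RedLine panel is still worth a look.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # header, blank or truncated line
        ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst != host:
            continue
        confidence = "high" if int(dport) == port else "medium"
        hits.append({
            "ts": ts,
            "uid": uid,
            "src": src,
            "dst_port": int(dport),
            "confidence": confidence,
            "botnet": EXTRACTED_CONFIG["botnet"],
        })
    return hits


def suricata_rule(c2, botnet, sid):
    """Build a Suricata rule for the exact C2 endpoint.

    `sid` is a placeholder the caller picks from their local private range;
    it is not something the report provides.
    """
    host, port = parse_c2(c2)
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine Stealer C2 ({botnet})"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG, EXTRACTED_CONFIG["c2"]):
        print(hit)
    print(suricata_rule(EXTRACTED_CONFIG["c2"], EXTRACTED_CONFIG["botnet"], 1000001))
```

Run against a real conn.log by reading the file into `log_text`; the third constructed line shows why host-only matches are kept at lower confidence rather than dropped.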
Targets

Target: 06a152194976346ea573394df32e58244ec5f1d9f97008d1fd69ae7146f47c4f.exe
Size: 304KB
MD5: cbe8af1bd5f5737ee10311bf3b2009c4
SHA1: 1dcd3aa218231f7a76db330c39abaf56d35a0c26
SHA256: 06a152194976346ea573394df32e58244ec5f1d9f97008d1fd69ae7146f47c4f
SHA512: 4e3e0337c6de5d0be5514266fbedfeb577d3c684277e2d2692ad73a459fee4695479f383697e517eab9dd24f9fe7692e4d84813b12b2e843a79c2c4f0c4d4a16
SSDEEP: 6144:DJiaQVtzlRba+Y0P0imtipjXkhoyXlVwXCcetePH:DJ4VN40ZXkhoyXlVwXCNePH
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

Note that the report lists two distinct files: the 138KB .bin under General and the 304KB .exe under Targets carry different hash sets, and the .bin is named after the .exe's MD5 (cbe8af1bd5f5737ee10311bf3b2009c4) rather than its own (c1a9a6da9a42c502da32a49de0e961fc). When pivoting on hashes, use the set that matches the file you actually hold.