General
-
Target
01366899.exe
-
Size
1.7MB
-
Sample
230611-j9dw7agg29
-
MD5
a4aab901f5f4662d75a66bdb08971148
-
SHA1
9835bae8776e280b5a6bcf8e204d1bca5e05b0f6
-
SHA256
8eb56a2f631dd8b6e3cf827e2022dd3714b805eb377d4e186a41384ec624376c
-
SHA512
a4a86338d24118d20242714da4ac9df72a0954c7c7cfa4be80cb2495b2ced651e328b4fbf1e66ac844f76f838efd591baade7b2dca019917964ac0b7a73c479f
-
SSDEEP
24576:YwJAcH22+6MA333QaUozWal46B7Owg/63wXByw/OK:bJAcH22KA3339UPaewgrByq
Static task
static1
Behavioral task
behavioral1
Sample
01366899.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
01366899.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
090623_11_red
goodlogs.neverever.ug:11615
-
auth_value
ca62706abf6895102883ab0c8a86ddff
Targets
-
-
Target
01366899.exe
-
Size
1.7MB
-
MD5
a4aab901f5f4662d75a66bdb08971148
-
SHA1
9835bae8776e280b5a6bcf8e204d1bca5e05b0f6
-
SHA256
8eb56a2f631dd8b6e3cf827e2022dd3714b805eb377d4e186a41384ec624376c
-
SHA512
a4a86338d24118d20242714da4ac9df72a0954c7c7cfa4be80cb2495b2ced651e328b4fbf1e66ac844f76f838efd591baade7b2dca019917964ac0b7a73c479f
-
SSDEEP
24576:YwJAcH22+6MA333QaUozWal46B7Owg/63wXByw/OK:bJAcH22KA3339UPaewgrByq
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-