General
-
Target
9a86c98d91a1795bdd8abba614f47a7f5ccad05370231a74be952b12f3cca170
-
Size
1.4MB
-
Sample
230616-ml65lsee38
-
MD5
217ba190f5ed42238e9b1c05f2eaf386
-
SHA1
6959f1f880603094edee516e977255aeb2873989
-
SHA256
9a86c98d91a1795bdd8abba614f47a7f5ccad05370231a74be952b12f3cca170
-
SHA512
36a8ac5e5c5851d83145e914af25c9dfba779004817bcb3971b675a0d758301f78757fb2791b03c6b933ade83574c0c0c4d0309dafc69b6b136a0bf397281ca4
-
SSDEEP
24576:8pdfmao+1agufMj+JiVpHM2q4r+PgemaiPuCOHXVA7lxNG6cSVY8b4bTj6:8prJ1agsM9NM2q4r+PprCOFA70asT2
Malware Config
Extracted
redline
top
83.97.73.124:53
-
auth_value
053e5ccc53982413753b68419138b23a
Targets
-
-
Target
9a86c98d91a1795bdd8abba614f47a7f5ccad05370231a74be952b12f3cca170
-
Size
1.4MB
-
MD5
217ba190f5ed42238e9b1c05f2eaf386
-
SHA1
6959f1f880603094edee516e977255aeb2873989
-
SHA256
9a86c98d91a1795bdd8abba614f47a7f5ccad05370231a74be952b12f3cca170
-
SHA512
36a8ac5e5c5851d83145e914af25c9dfba779004817bcb3971b675a0d758301f78757fb2791b03c6b933ade83574c0c0c4d0309dafc69b6b136a0bf397281ca4
-
SSDEEP
24576:8pdfmao+1agufMj+JiVpHM2q4r+PgemaiPuCOHXVA7lxNG6cSVY8b4bTj6:8prJ1agsM9NM2q4r+PprCOFA70asT2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-