General
Target: file.exe
Size: 556KB
Sample: 230619-h8ypjacd34
MD5: 46bc9e2a70edd134a6420dc4c98a3668
SHA1: 2a3341ab80cde0d14be3e701a7c6ccb6b25077c0
SHA256: 8794abaf3a4964f9ffbcc0f75bd96af30b4b6b4e307c048eb497ae2dc4458c27
SHA512: 36f9a1d87c20fc51cdc8c1d0c2809225008616a7d782473fc988347ef9c2e123546da24d225b2c76eb6f8e2fc7f3a75cf558313deb98d1b13628e55bd14e3415
SSDEEP: 12288:L0BaH7DjoFcnpVvRLxVuPb7w2fGBtoEHLH9vzo90:LWaH7foFcnphsPbc2uBtoEHLH9boW
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20230220-en)
Malware Config
Extracted family: redline
Botnet: 2
C2: 95.216.249.153:81
auth_value: 101013a5e99e0857595aae297a11351d
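The extracted configuration gives two kinds of indicator a defender can act on: the file hashes above and the C2 endpoint 95.216.249.153:81. The following script is an added example, not part of the sandbox report: it parses constructed Zeek-style conn.log lines (made up for the example, not captured from this analysis) and flags TCP sessions to the reported C2, and it checks an in-memory byte string against the reported file hashes. The log format, the `find_c2_connections` and `matches_report_sample` helpers, and the sample records are all assumptions of this example.

```python
"""IOC checks for the RedLine sample described in this report.

Added example; not code from the sandbox or the report. The conn.log records
and the file bytes below are constructed for illustration.
"""
import hashlib
import ipaddress
from typing import Optional

# Indicators copied from the report.
C2_HOST = "95.216.249.153"
C2_PORT = 81
FILE_HASHES = {
    "md5": "46bc9e2a70edd134a6420dc4c98a3668",
    "sha1": "2a3341ab80cde0d14be3e701a7c6ccb6b25077c0",
    "sha256": "8794abaf3a4964f9ffbcc0f75bd96af30b4b6b4e307c048eb497ae2dc4458c27",
}


def hash_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True only if every listed hash agrees, i.e. these bytes are the reported file."""
    digests = hash_file_bytes(data)
    return all(digests[name] == value for name, value in FILE_HASHES.items())


def parse_conn_line(line: str) -> Optional[dict]:
    """Parse the first seven tab-separated fields of a Zeek conn.log record.

    Column order assumed: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto.
    Comment/header lines (starting with '#') and malformed lines return None.
    """
    if line.startswith("#") or not line.strip():
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    try:
        return {
            "ts": float(fields[0]),
            "uid": fields[1],
            "orig_h": str(ipaddress.ip_address(fields[2])),
            "orig_p": int(fields[3]),
            "resp_h": str(ipaddress.ip_address(fields[4])),
            "resp_p": int(fields[5]),
            "proto": fields[6],
        }
    except ValueError:
        return None


def find_c2_connections(lines) -> list:
    """Return parsed records for TCP sessions whose responder is the reported C2."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        if rec["resp_h"] == C2_HOST and rec["resp_p"] == C2_PORT and rec["proto"] == "tcp":
            hits.append(rec)
    return hits


# Constructed conn.log excerpt: two internal hosts, two of the four sessions go
# to the reported C2 on port 81 (hypothetical timestamps, uids and addresses).
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1687166400.123\tCabc1\t10.0.0.15\t49712\t95.216.249.153\t81\ttcp",
    "1687166401.456\tCabc2\t10.0.0.15\t49713\t142.250.74.46\t443\ttcp",
    "1687166402.789\tCabc3\t10.0.0.22\t53412\t95.216.249.153\t81\ttcp",
    "1687166403.000\tCabc4\t10.0.0.22\t53413\t95.216.249.153\t443\ttcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"C2 hit: {hit['orig_h']}:{hit['orig_p']} -> {hit['resp_h']}:{hit['resp_p']} uid={hit['uid']}")
    print("constructed bytes are the reported sample:", matches_report_sample(b"MZ not the sample"))
```

The IP:port match is deliberately strict (host, port and protocol), because a single IP on another port is not evidence of this config; the hash check requires all listed digests to agree so that a collision in one algorithm cannot produce a false match.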
Targets
Target: file.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (the API a loader calls to redirect a suspended process's main thread to injected code, the usual final step of process hollowing)