General

Target: 3f8f5177e8907b126f2575b67aea9db1.bin
Size: 352KB
Sample: 230623-bla7dscc7s
MD5: a006e129936b25483f40098feafc058f
SHA1: b1f3e911020fb9ee0a0d40c5d477a201f717602f
SHA256: 347a697112c7838b199fa23d7f730b264d189262f3a1520ed965d74a97813634
SHA512: 7b7983d89b91c9a2af5c0b1e97ce89ef416a0ea115d3c6033430f950be1cef06244c80d696c54a4d21ceb1ed2ff42113a8c6f383b74e318ffcb53727811398ff
SSDEEP: 6144:17z8llVWWjf8K3xXk5tTcS7qDP/VyFz/mvn7kufPOlEpZGoG6QCaP:yHVWWjf8gJQ7q7/INmYukELGH6Q3
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: 712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326.exe
  Resource: win7-20230621-en

Behavioral task: behavioral2
  Sample: 712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326.exe
  Resource: win10v2004-20230621-en
Malware Config

Extracted family: redline
Botnet: top
C2: 83.97.73.124:53
auth_value: 053e5ccc53982413753b68419138b23a
Targets

Target: 712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326.exe
Size: 602KB
MD5: 3f8f5177e8907b126f2575b67aea9db1
SHA1: 30ac43a9c6dd799441519db56a14bf1a0e2b5bab
SHA256: 712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326
SHA512: 1537bb2ad49921ee5ef54ca940485d1ae9a4ec7308c77f938a47ce7451ce2e8e0638bf73511c092acfb0b1277a2c91ff202278b582d2b5319fa647b7e988f398
SSDEEP: 6144:yJA+PQrKTvHaAGrWg8zg3JW+1LTgMDCkTQTplln9AwDKFp2XhIxwHl7czJ2nybTx:yC+Qr/AEWzzg5FkeCk0lN6pIjHayO
Score: 10/10

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Unexpected DNS network traffic destination
Network traffic on the DNS port (53) to a server other than the configured DNS servers was detected. This matches the C2 address in the extracted config, 83.97.73.124:53: the stealer talks to its C2 on port 53 so that the connection blends in with DNS traffic, even though it is not DNS.

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext
SetThreadContext is a common step in process injection, where the execution context of a thread in another (often suspended) process is redirected into code the malware wrote there.
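As an added example, not part of this sandbox report or of the RedLine sample, the logic behind the "Unexpected DNS network traffic destination" signature, run over a handful of constructed Zeek-style flow records: any TCP or UDP flow to port 53 whose destination is not one of the host's configured resolvers is flagged, and destinations are also matched against the C2 taken from the extracted config above (83.97.73.124:53). The resolver list, the flow records and the `detect`/`classify` helper names are assumptions made for the example.

```python
"""Flag DNS-port traffic to servers that are not the configured resolvers,
and match destinations against a known C2 list (RedLine config from the report).
"""
import ipaddress
from dataclasses import dataclass

# Assumption: resolvers the analysis VM is configured to use (not stated on the page).
CONFIGURED_DNS = {"8.8.8.8", "1.1.1.1"}

# C2 endpoint from the extracted RedLine config on this page.
KNOWN_C2 = {("83.97.73.124", 53)}

# Constructed flow records in a Zeek conn.log-like layout, tab-separated:
# ts  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_FLOWS = """\
1687523001.1\t10.0.2.15\t49152\t8.8.8.8\t53\tudp
1687523002.4\t10.0.2.15\t49153\t83.97.73.124\t53\ttcp
1687523003.0\t10.0.2.15\t49154\t1.1.1.1\t53\tudp
1687523004.7\t10.0.2.15\t49155\t93.184.216.34\t443\ttcp
1687523005.9\t10.0.2.15\t49156\t192.168.1.1\t53\tudp
"""


@dataclass
class Alert:
    dst: str
    dport: int
    proto: str
    reason: str


def parse_flows(text):
    """Yield one dict per non-empty, non-comment flow line."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto = line.split("\t")
        yield {
            "ts": float(ts),
            "src": src,
            "sport": int(sport),
            "dst": dst,
            "dport": int(dport),
            "proto": proto,
        }


def classify(flow, configured_dns=CONFIGURED_DNS, known_c2=KNOWN_C2):
    """Return an Alert for a suspicious flow, or None if it looks benign."""
    dst, dport, proto = flow["dst"], flow["dport"], flow["proto"]
    # Exact match against the C2 extracted from the sample's config wins first.
    if (dst, dport) in known_c2:
        return Alert(dst, dport, proto, "known RedLine C2 from extracted config")
    # Anything on port 53 that is not one of the configured resolvers is unexpected.
    # A private-range destination may just be an internal resolver missing from the
    # configured set, so the reason string distinguishes it for the analyst.
    if dport == 53 and dst not in configured_dns:
        kind = "private" if ipaddress.ip_address(dst).is_private else "external"
        return Alert(dst, dport, proto, f"{proto}/53 to {kind} non-configured DNS server")
    return None


def detect(text, configured_dns=CONFIGURED_DNS, known_c2=KNOWN_C2):
    """Run classify() over every flow in the log and return the alerts in order."""
    return [
        alert
        for alert in (classify(f, configured_dns, known_c2) for f in parse_flows(text))
        if alert is not None
    ]


if __name__ == "__main__":
    for a in detect(SAMPLE_FLOWS):
        print(f"{a.proto}/{a.dport} -> {a.dst}: {a.reason}")
```

Run against the constructed log, the TCP connection to 83.97.73.124:53 is reported as the known C2 and the UDP flow to 192.168.1.1:53 as traffic to a non-configured (private) DNS server; the flows to the configured resolvers and the HTTPS flow produce nothing. In practice the configured resolver set should come from the host's actual network configuration, and a hit on port 53 over TCP from a process other than the system resolver is worth a closer look even without a C2 match.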