General
Target: file.exe
Size: 1.9MB
Sample: 230710-g3pn1ahg9s
MD5: 251cc9c3455844f3eaa98b0fc2c1ded4
SHA1: 5199e0bb9c9bce61b2b80a2ccc09bfc1c2b6da05
SHA256: 75a5cf0475460c31e228bd47cfb22b11300156aced58a14c6d6faba407fe2c2d
SHA512: f22c91d2af55eb37e93bdcd31953926bdcfdd621829e375da25f4e058eb67084922d08c6831366523dc698a59c9c3d61b6bf8a7c2009df16959df88e68612c31
SSDEEP: 6144:p9WOZZrGrsSFB+ekKM1V3XAOP9krrXwLbbtCfi3bEDNLgXsNxqUO2IaO9w+Pk+uE:zrZZrGrsSu3X19k3KQi3bqNLqF2Nj2L
Static task: static1
Behavioral task: behavioral1 (sample: file.exe, resource: win7-20230705-en)
Behavioral task: behavioral2 (sample: file.exe, resource: win10v2004-20230703-en)
Malware Config
Extracted family: redline
Botnet (campaign tag in the config): installs
C2: 45.9.74.117:15394
auth_value: 1e9e371d6ad77e4f1df6c259f3a2f754
Targets
Target: file.exe
Size: 1.9MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the values in the General section above (same file analyzed in both tasks).
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (an API commonly used in process injection and process hollowing; on its own it is an indicator, not proof)
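The two things a practitioner usually takes from a report like this are the file hashes (to confirm a local sample is the one analyzed before detonating it) and the C2 endpoint from the extracted config (to hunt for infected hosts). The following is an added example, not code from the sandbox or from the report, that does both: it recomputes the four hashes the General section lists (ssdeep is omitted because it needs a third-party library) and scans Zeek conn.log-style lines for flows to 45.9.74.117:15394. The log lines are constructed for the example; the column order assumed is ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.

```python
import hashlib

# IOCs copied from the report above: file hashes from the General section,
# C2 host:port from the extracted RedLine config.
REPORT_HASHES = {
    "md5": "251cc9c3455844f3eaa98b0fc2c1ded4",
    "sha1": "5199e0bb9c9bce61b2b80a2ccc09bfc1c2b6da05",
    "sha256": "75a5cf0475460c31e228bd47cfb22b11300156aced58a14c6d6faba407fe2c2d",
    "sha512": "f22c91d2af55eb37e93bdcd31953926bdcfdd621829e375da25f4e058eb67084922d08c6831366523dc698a59c9c3d61b6bf8a7c2009df16959df88e68612c31",
}
C2_HOST = "45.9.74.117"
C2_PORT = 15394


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists for a sample's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report; all True means it is this sample."""
    got = digests(data)
    return {name: got[name] == expected for name, expected in REPORT_HASHES.items()}


# Constructed Zeek conn.log-style lines (tab separated), not real traffic.
# Lines 1 and 3 hit the C2 host AND port; line 4 hits the host on another port.
SAMPLE_CONN_LOG = """\
1688976000.123\tCabc1\t10.0.0.5\t49211\t45.9.74.117\t15394\ttcp
1688976001.456\tCabc2\t10.0.0.5\t49212\t93.184.216.34\t443\ttcp
1688976002.789\tCabc3\t10.0.0.7\t49213\t45.9.74.117\t15394\ttcp
1688976003.000\tCabc4\t10.0.0.7\t49214\t45.9.74.117\t80\ttcp
"""


def find_c2_connections(conn_log: str, host: str = C2_HOST, port: int = C2_PORT,
                        match_port: bool = True) -> list:
    """Return (ts, uid, orig_h) for every flow whose responder is the C2.

    With match_port=True only host:port from the config is matched (fewer false
    positives); with match_port=False any flow to the host is reported, which is
    the looser hunt to run if the operator may have moved the port.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        if resp_h != host:
            continue
        if match_port and not (resp_p.isdigit() and int(resp_p) == port):
            continue
        hits.append((ts, uid, orig_h))
    return hits


if __name__ == "__main__":
    # Usage: hash a local file and hunt the constructed log.
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(matches_report(f.read()))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

Run it with the path to a suspected copy of the sample as the first argument; a dictionary that is not all True means the file on disk is not the one this report describes and its behavior should not be assumed to match.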