General
- Target: Installer.exe
- Size: 1.2MB
- Sample: 230722-jpww9saa28
- MD5: 44dec7524ec27f79d2672229ec6c2c9c
- SHA1: 388ca4c01912394eee2dc0f7bbc5df591f1bf29a
- SHA256: b34b6bcd3cbb05bc2669aa42ee5aad7d1dfb38da9d812201ab3697b146386001
- SHA512: 2d901485d39a57fd7946228f2ba5541a5f1788bf92520d742601859225a7ffa87e7cf4e0f09e4c9ae157475babbe715790128e05e57a17e44fd96b4730850292
- SSDEEP: 24576:0A0SPqZ0pgfBUBJX2xrlDiEXsFPloA369:V/gfBUBJXIiEXiqA3e
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: Installer.exe, Resource: win7-20230712-en)
- Behavioral task: behavioral2 (Sample: Installer.exe, Resource: win10v2004-20230703-en)
Malware Config
Extracted: redline
- 2
- 77.246.109.183:43893
- auth_value: 505f25c1d56b06ffc67ad4c541d5fcf0
Targets
- Target: Installer.exe
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext