General
-
Target
260e954d4df65c05e5b42a90e776b5657ec8a13ffbf520e79ab0dbaad5a54f8a
-
Size
2.5MB
-
Sample
230804-fephnahf26
-
MD5
0d9a733c112c47e0293dece98f7dd2d9
-
SHA1
679a8d9b67f1384aacb26cabb6e07b6da72a30c4
-
SHA256
260e954d4df65c05e5b42a90e776b5657ec8a13ffbf520e79ab0dbaad5a54f8a
-
SHA512
2a051ae06a7c1dc3946128ed1f4cacb905a4b661cf03eff2c64372bd1a87d54e7b62c4a33388eafe84e9c92ed9ce1e46c8a600a0d88ff04dcf63eb2129e54121
-
SSDEEP
12288:e3wupYk4ubGyS9AcJSqrE4fdv4OT4rP453Tu4XfUH2HF9+h54K4HH:egupYkvbGyS90Qv4OPZ9UCFs0
Malware Config
Extracted
redline
1112224312
https://pastebin.com/raw/NgsUAPya
Targets
-
-
Target
260e954d4df65c05e5b42a90e776b5657ec8a13ffbf520e79ab0dbaad5a54f8a
-
Size
2.5MB
-
MD5
0d9a733c112c47e0293dece98f7dd2d9
-
SHA1
679a8d9b67f1384aacb26cabb6e07b6da72a30c4
-
SHA256
260e954d4df65c05e5b42a90e776b5657ec8a13ffbf520e79ab0dbaad5a54f8a
-
SHA512
2a051ae06a7c1dc3946128ed1f4cacb905a4b661cf03eff2c64372bd1a87d54e7b62c4a33388eafe84e9c92ed9ce1e46c8a600a0d88ff04dcf63eb2129e54121
-
SSDEEP
12288:e3wupYk4ubGyS9AcJSqrE4fdv4OT4rP453Tu4XfUH2HF9+h54K4HH:egupYkvbGyS90Qv4OPZ9UCFs0
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-