General

Target: 7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb_JC.exe
Size: 3.1MB
Sample: 230813-lzqt4scg3x
MD5: b192f51a9a9b24335343f938ec013807
SHA1: fc9bf988de04d3aaca9ad58a560ce692bd3b3f19
SHA256: 7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb
SHA512: 671af2f3026acf3659790424a3585fd269375e715d9cc216a2ab614dc02ccd69fe81eb68fda879a1ad98a7cc953c84de6a0774170a59b40237ace85210303c32
SSDEEP: 49152:nb1M1G3PTXchznEJuuGHefKs2F9Oi3Tqs5nZBjdjo+BVQ2X:nbAQGd3TLTqs5Z7s+BVQ2X
Static task: static1
Behavioral task: behavioral1 (sample 7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb_JC.exe, resource win7-20230712-en)
Behavioral task: behavioral2 (sample 7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb_JC.exe, resource win10v2004-20230703-en)
Malware Config

Extracted family: redline
Botnet: 777
C2: 5.75.163.194:25084
auth_value: 001b77c5bf14ffc62c97804130865cf9

The C2 host:port and the auth_value are the pivot points for this sample: the host:port is what the stealer connects to for tasking and exfiltration, and the auth_value is the per-build token RedLine sends to that server, so it can be used to link other samples to the same operator even when the C2 changes.
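As an added example, not part of the sandbox report or of any RedLine tooling, the script below takes the indicators above (the file hashes and the extracted C2 host:port) and matches them against local telemetry. The Zeek-style connection records and Sysmon-style process-creation lines, the client IPs and the image paths are all constructed for the demonstration; only the hashes, the C2 address and the port are taken from the report.

```python
"""Match the indicators from this RedLine report against local telemetry.

Added example; it is not part of the sandbox report or of any RedLine tooling.
The hashes and the C2 host:port below are copied from the report; every log
line, IP address and image path is constructed for the demonstration.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Indicators copied from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "MD5": "b192f51a9a9b24335343f938ec013807",
    "SHA1": "fc9bf988de04d3aaca9ad58a560ce692bd3b3f19",
    "SHA256": "7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb",
    "SHA512": "671af2f3026acf3659790424a3585fd269375e715d9cc216a2ab614dc02ccd69fe81eb68fda879a1ad98a7cc953c84de6a0774170a59b40237ace85210303c32",
}
C2_HOST = "5.75.163.194"
C2_PORT = 25084

# Constructed Zeek-style conn.log excerpt (tab separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
# The flows are invented; only the C2 host and port come from the report.
CONN_LOG = (
    "1691930000.1\tCab1\t10.0.0.15\t49712\t142.250.72.14\t443\ttcp\n"
    "1691930002.7\tCab2\t10.0.0.15\t49715\t5.75.163.194\t25084\ttcp\n"
    "1691930003.9\tCab3\t10.0.0.22\t49801\t5.75.163.194\t80\ttcp\n"
    "1691930005.2\tCab4\t10.0.0.15\t49718\t5.75.163.194\t25084\ttcp\n"
)

# Constructed Sysmon-style process-creation lines with a Hashes field.
# The first line carries the report's MD5/SHA256 (Sysmon writes upper-case hex);
# the second is a benign process with placeholder hashes.
PROCESS_LOG = (
    "ProcessCreate Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "Hashes=MD5=B192F51A9A9B24335343F938EC013807,"
    "SHA256=7AE0605AEC439455ADD9082308A769A1CB0B48D8D1EE8F94BD1710A41D268ADB\n"
    "ProcessCreate Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=MD5=00000000000000000000000000000000,"
    "SHA256=1111111111111111111111111111111111111111111111111111111111111111\n"
)


def find_c2_connections(conn_log: str) -> List[Tuple[str, str]]:
    """Return (uid, client_ip) for each flow to the exact C2 host:port.

    Matching on the host alone would also flag the port-80 flow; the report
    only supports the host:port pair, so that flow is left for an analyst.
    """
    hits: List[Tuple[str, str]] = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        uid, orig_h, resp_h, resp_p = fields[1], fields[2], fields[4], fields[5]
        if resp_h == C2_HOST and resp_p == str(C2_PORT):
            hits.append((uid, orig_h))
    return hits


_IMAGE = re.compile(r"Image=(\S+)")
_HASHES = re.compile(r"Hashes=(\S+)")


def find_known_hashes(process_log: str) -> List[Tuple[str, str]]:
    """Return (image, algorithm) for each Hashes= entry equal to a report hash.

    Comparison is case-insensitive because Sysmon writes upper-case hex while
    sandbox reports print lower-case.
    """
    hits: List[Tuple[str, str]] = []
    for line in process_log.splitlines():
        hm = _HASHES.search(line)
        if not hm:
            continue
        im = _IMAGE.search(line)
        image = im.group(1) if im else "<unknown>"
        for pair in hm.group(1).split(","):
            algo, _, value = pair.partition("=")
            known = SAMPLE_HASHES.get(algo.upper())
            if known and known == value.lower():
                hits.append((image, algo.upper()))
    return hits


def hashes_of(data: bytes) -> Dict[str, str]:
    """Compute the same digests the report lists, for a file read from disk."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only if every digest matches; SHA256 alone would already be decisive."""
    return hashes_of(data) == SAMPLE_HASHES


if __name__ == "__main__":
    print("C2 flows:", find_c2_connections(CONN_LOG))
    print("Known-hash processes:", find_known_hashes(PROCESS_LOG))
    print("Is reported sample:", is_reported_sample(b"not the sample"))
```

The SSDEEP value from the report is not checked here: hashlib has no fuzzy-hash support, so comparing it requires the ssdeep (or pure-Python ppdeep) package, and a fuzzy match is a lead for an analyst rather than a verdict.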
Targets

Target: 7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb_JC.exe (size and hashes as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures triggered:
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

SetThreadContext rewrites a thread's register state, including its instruction pointer, and is the usual way injected or hollowed code is started inside a suspended process; treat the second signature as a process-injection indicator, and when hunting for this sample on a host look at the child processes the 3.1MB executable spawns, not only at the executable itself.