General
Target: file
Size: 636KB
Sample: 230816-rk1zesdb9y
MD5: e063c836d7f625542dbff037e69e5e8a
SHA1: dd8b64d02635b5ff31e88d257777266bad0a9d87
SHA256: e644df9fb12d4f5a7fbbe88089460509153fd88160c35ff155fabf837d632a36
SHA512: b3ec98aa9775ebc5d3d78c5294a2c40d6d9d4af575d2fb0cbb279a7c8ca3324955a93b67c81e53458105c09117bbdb1a372d6a12e79102c97a35e71307a1a4e2
SSDEEP: 12288:pIdR/L2wA8UePhz2j01+PDkRGqOBr1gIlC1DM0+c2XZbW03:0L3Afeojhtl1gIlC1DMh20
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted (redline):
  3
  101.99.92.59:34511
  auth_value: aeea794f6d496324144b155850fe9769
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext