General
Target: 570efc68da46e50e3eea236631563a18.exe
Size: 6.5 MB
Sample: 230825-j8zr9sbg9t
MD5: 570efc68da46e50e3eea236631563a18
SHA1: a3005e8c78bbff5b78c2a50d5076115119d2a526
SHA256: 97d5f77f0a710652228f3275c412593cf378cd631ab0cf32e922a1dce1dd9c7f
SHA512: e0522026b5872db2ab2ca32d741d42b0783edf0c64b1a02b73fc566eb0fc99d323ce42ce79f6ca811e4428383bfc1db596bb5406d2a2456e7d6a76a8e0c3c3b0
SSDEEP: 196608:RMrnBhp03r6MN7bIv/ir/xPvhRS23TTdYeDtmC7uO/:RMrb+7FhIv/i9HjS2DTlDwCCO

Static task
static1

Behavioral task
behavioral1
Sample: 570efc68da46e50e3eea236631563a18.exe
Resource: win7-20230824-en

Behavioral task
behavioral2
Sample: 570efc68da46e50e3eea236631563a18.exe
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: 570efc68da46e50e3eea236631563a18.exe (6.5 MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
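The signatures above are the sandbox's names for a chain a responder would want to recognise on a live host: the sample runs from a user-writable directory, launches a .NET helper binary (vbc.exe, the VBS compiler) as a hollowing target, and the injected process reads wallet data. The script below is an added example, not Triage's or RedLine's code: it compares a file's digests against the MD5/SHA1/SHA256 listed in this report, then runs a small correlation over constructed process and file events. The event schema, the list of hollowing targets, the "developer parent" allow-list and the path fragments are all this editor's assumptions, not facts from the report, and SetThreadContext itself is not visible in process-creation telemetry, so the check keys on its observable proxy (a hollowing target spawned by a non-developer parent).

```python
"""Triage helper for the RedLine sample in this report (added example, not Triage's code)."""
import hashlib
import ntpath  # Windows path handling regardless of the host OS

# File-hash indicators copied from the report above (SHA512 omitted only for brevity).
IOC_HASHES = {
    "md5": "570efc68da46e50e3eea236631563a18",
    "sha1": "a3005e8c78bbff5b78c2a50d5076115119d2a526",
    "sha256": "97d5f77f0a710652228f3275c412593cf378cd631ab0cf32e922a1dce1dd9c7f",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists so a local file can be compared to them."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matching_iocs(data: bytes) -> list:
    """Names of the report's digests that `data` reproduces (empty list = no match)."""
    return [name for name, digest in hash_bytes(data).items() if digest == IOC_HASHES[name]]


# Assumption (editor's, not from the report): .NET helper binaries RedLine is known to
# hollow. "Uses the VBS compiler for execution" is the sandbox's name for the vbc.exe case.
HOLLOW_TARGETS = {"vbc.exe", "regasm.exe", "regsvcs.exe", "applaunch.exe",
                  "msbuild.exe", "installutil.exe"}
# Parents that legitimately launch those binaries (assumption; tune to the estate).
DEV_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}
# Path fragments for "Executes dropped EXE" and "Accesses cryptocurrency files/wallets".
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\", "\\atomic\\", "wallet.dat")


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def triage(events: list) -> list:
    """Return (signature, pid) pairs for the behaviours this report flags.

    Process creations are correlated: anything spawned by a suspect process is itself
    suspect, so a wallet read only counts when a suspect process performs it.
    """
    findings, suspect = [], set()
    for ev in events:
        if ev["event"] == "process_create":
            image = ev["image"].lower()
            if ev["ppid"] in suspect:
                suspect.add(ev["pid"])
            if any(frag in image for frag in USER_WRITABLE):
                findings.append(("dropped_exe_executed", ev["pid"]))
                suspect.add(ev["pid"])
            # SetThreadContext is not visible in process telemetry; the observable
            # proxy is a hollowing target spawned by a non-developer parent.
            if _base(image) in HOLLOW_TARGETS and _base(ev["parent_image"]) not in DEV_PARENTS:
                findings.append(("hollow_target_spawned", ev["pid"]))
                suspect.add(ev["pid"])
        elif ev["event"] == "file_read":
            if ev["pid"] in suspect and any(m in ev["path"].lower() for m in WALLET_MARKERS):
                findings.append(("wallet_access", ev["pid"]))
    return findings


# Constructed events in a simplified schema (not Sysmon's field names): the chain this
# report describes, plus two benign look-alikes that must not fire.
SAMPLE_DIR = "C:\\Users\\victim\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 1000, "ppid": 400,
     "image": SAMPLE_DIR + "570efc68da46e50e3eea236631563a18.exe",
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"event": "process_create", "pid": 1200, "ppid": 1000,
     "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "parent_image": SAMPLE_DIR + "570efc68da46e50e3eea236631563a18.exe"},
    {"event": "file_read", "pid": 1200,
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    # Benign: a real build spawning the compiler.
    {"event": "process_create", "pid": 2000, "ppid": 1900,
     "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe",
     "parent_image": "C:\\Program Files\\Microsoft Visual Studio\\2022\\Community\\MSBuild\\Current\\Bin\\MSBuild.exe"},
    # Benign: the wallet application reading its own data.
    {"event": "file_read", "pid": 3000,
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
]

if __name__ == "__main__":
    for sig, pid in triage(SAMPLE_EVENTS):
        print(f"{sig:<24} pid={pid}")
    print("IOC match on constructed bytes:", matching_iocs(b"not the sample"))
```

Run against the constructed events it reports the dropped executable, the vbc.exe spawn and the wallet read by the hollowed process, and stays silent on the MSBuild-driven compiler launch and on the wallet application reading its own files. To check a real file, pass its bytes to `matching_iocs`; on a host with Sysmon, the same logic maps onto Event ID 1 (process create) and Event ID 11/ file-access telemetry once the field names are adapted.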