General
Target: bbb3ea0ee3fc865e9d6b34b208f689d041f542449a76472f5f03975384861a7a
Size: 1.5MB
Sample: 230827-ffrz6sfe59
MD5: 0a8a38817e7656b0610024fba4c6eb93
SHA1: ce0de6d2c54cbb504f6f5bdddc44ec98cee76942
SHA256: bbb3ea0ee3fc865e9d6b34b208f689d041f542449a76472f5f03975384861a7a
SHA512: 8ee3cef44dee08faab296764248097d8b934f886911947daae873f0e1682ef2b2da7326993af1f941d95c75be9373078d55fa1aa39e591cdf2f65050bc5a126f
SSDEEP: 24576:cCblaP7fhcZaMLhQZZ/ECOqrHcmMa3Eu:EfhcZatMJ6uaB
Static task: static1
Behavioral task: behavioral1 (sample bbb3ea0ee3fc865e9d6b34b208f689d041f542449a76472f5f03975384861a7a.exe, resource win7-20230824-en)
Behavioral task: behavioral2 (sample bbb3ea0ee3fc865e9d6b34b208f689d041f542449a76472f5f03975384861a7a.exe, resource win10-20230703-en)
Malware Config
Extracted family: redline
Botnet: Lab
C2: 46.149.77.25:8599
auth_value: bcb5a9c30494f9f67c7afdcd7c2ceea7
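The hashes under General and the extracted C2 above are the indicators a defender actually consumes. The following script is an added example (not part of the report and not RedLine's or the sandbox's code): it recomputes the four digests of a file and checks them against the report's values, and scans Zeek-style conn.log lines for traffic to the C2. The conn.log excerpt is constructed for the example; the column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) and the "medium" confidence for the C2 host on another port are assumptions, not something the report states.

```python
import hashlib

# IOCs copied from the report above: the sample's hashes and the extracted RedLine C2.
IOC_HASHES = {
    "md5": "0a8a38817e7656b0610024fba4c6eb93",
    "sha1": "ce0de6d2c54cbb504f6f5bdddc44ec98cee76942",
    "sha256": "bbb3ea0ee3fc865e9d6b34b208f689d041f542449a76472f5f03975384861a7a",
    "sha512": "8ee3cef44dee08faab296764248097d8b934f886911947daae873f0e1682ef2b"
              "2da7326993af1f941d95c75be9373078d55fa1aa39e591cdf2f65050bc5a126f",
}
C2_HOST, C2_PORT = "46.149.77.25", 8599
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def ioc_hashes_well_formed() -> bool:
    """Sanity check that the copied hashes are hex strings of the right length."""
    return all(
        len(value) == EXPECTED_HEX_LEN[name] and all(c in "0123456789abcdef" for c in value)
        for name, value in IOC_HASHES.items()
    )


def hash_bytes(data: bytes) -> dict:
    """Return the md5/sha1/sha256/sha512 hex digests of data."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_matches(data: bytes) -> list:
    """Names of the report hashes that data matches (empty if this is not the sample)."""
    digests = hash_bytes(data)
    return [name for name, value in digests.items() if value == IOC_HASHES[name]]


def hash_file(path: str) -> list:
    """Same check for a file on disk."""
    with open(path, "rb") as fh:
        return hash_matches(fh.read())


def find_c2_connections(lines) -> list:
    """Scan Zeek-style conn.log lines (tab-separated) and return connections to the C2.

    Host and port together are a high-confidence hit; the C2 host on a different
    port is reported at medium confidence because operators do rotate ports.
    """
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue  # skip the #fields header and blank lines
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, orig_h, orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != C2_HOST:
            continue
        confidence = "high" if int(resp_p) == C2_PORT else "medium"
        hits.append({
            "uid": uid,
            "src": f"{orig_h}:{orig_p}",
            "dst": f"{resp_h}:{resp_p}",
            "confidence": confidence,
        })
    return hits


# Constructed conn.log excerpt (not from the report): one beacon to the C2 on 8599,
# one benign HTTPS connection, and one connection to the C2 host on port 80.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1693152000.123456\tCwk1Ab\t10.0.0.5\t49811\t46.149.77.25\t8599\ttcp
1693152001.500000\tCwk2Cd\t10.0.0.5\t49812\t93.184.216.34\t443\ttcp
1693152002.750000\tCwk3Ef\t10.0.0.7\t51000\t46.149.77.25\t80\ttcp
""".splitlines()

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
    print(hash_matches(b"not the sample"))
```

Run hash_file() against a suspect binary to confirm it is this exact sample; the SSDEEP value is not checked here because fuzzy hashing needs the external ssdeep library, and it is the value to use when a repacked variant no longer matches the exact digests.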
Targets
Target: bbb3ea0ee3fc865e9d6b34b208f689d041f542449a76472f5f03975384861a7a (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Family: RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
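Two of the signatures above ("Executes dropped EXE" and "Uses the VBS compiler for execution") translate directly into endpoint telemetry. The script below is an added example, not the sandbox's detection logic: it correlates a file write with a later process launch of the same path, and flags vbc.exe when its parent is not a development tool. It assumes the "VBS compiler" signature refers to vbc.exe, the .NET Visual Basic compiler that loaders commonly use as an injection host; the Sysmon-like event shape, the sample events and the list of legitimate vbc.exe parents are all constructed for the example and should be tuned to the environment. "Suspicious use of SetThreadContext" is not modelled here because it needs API-level tracing rather than process-creation logs.

```python
from dataclasses import dataclass


@dataclass
class Event:
    """One Sysmon-style telemetry record (constructed shape, not the report's format)."""
    kind: str               # "ProcessCreate" or "FileCreate"
    pid: int                # created process (ProcessCreate) or writing process (FileCreate)
    image: str              # process image (ProcessCreate) or written file path (FileCreate)
    parent_image: str = ""  # parent process image, ProcessCreate only


# Parents that legitimately invoke the VB.NET compiler. Assumption for this example;
# extend it with whatever build tooling is normal on the monitored hosts.
LEGIT_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events) -> list:
    """Return (rule, pid) pairs for the two report signatures this example models.

    Events must arrive in time order: a FileCreate of an .exe followed by a
    ProcessCreate of the same path is "executes dropped EXE".
    """
    dropped = set()  # .exe paths written so far
    hits = []
    for ev in events:
        if ev.kind == "FileCreate" and ev.image.lower().endswith(".exe"):
            dropped.add(ev.image.lower())
        elif ev.kind == "ProcessCreate":
            image = ev.image.lower()
            if image in dropped:
                hits.append(("executes_dropped_exe", ev.pid))
            if basename(image) == "vbc.exe" and basename(ev.parent_image) not in LEGIT_VBC_PARENTS:
                hits.append(("vbc_spawned_by_non_dev_tool", ev.pid))
    return hits


# Constructed event stream (not from the report): the initial sample drops a second
# executable into %TEMP%, runs it, and that process launches vbc.exe; a final vbc.exe
# started by MSBuild shows the benign case that must not fire.
SAMPLE_EVENTS = [
    Event("ProcessCreate", 1000, r"C:\Users\lab\Downloads\invoice.exe",
          r"C:\Windows\explorer.exe"),
    Event("FileCreate", 1000, r"C:\Users\lab\AppData\Local\Temp\svc.exe"),
    Event("ProcessCreate", 1100, r"C:\Users\lab\AppData\Local\Temp\svc.exe",
          r"C:\Users\lab\Downloads\invoice.exe"),
    Event("ProcessCreate", 1200, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          r"C:\Users\lab\AppData\Local\Temp\svc.exe"),
    Event("ProcessCreate", 1300, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
          r"C:\Program Files\dotnet\MSBuild.exe"),
]

if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

In production the same two checks map onto Sysmon event IDs 11 (FileCreate) and 1 (ProcessCreate); the process-tree part is what ties the vbc.exe launch back to the dropped binary rather than to a developer's build.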