General
-
Target
Setup.exe
-
Size
1.7MB
-
Sample
231003-x5sfnshb29
-
MD5
46a22f0849344f152364d921c3c28435
-
SHA1
44fb399a95aaddd99270fe73a8705f53c0f73b72
-
SHA256
1041ffa7fe11147bca657c7f9b58b76a63fab9bedd01e37726e7a5f9df72aed2
-
SHA512
a992ece8155f66b7d3ccf801961ae69af857dc7366bf096805700ce69e5305867db9c5b346074e14d83292daa7a72be5c2becf58565305684adc3bb9f0942e32
-
SSDEEP
24576:WwzT5gWn2HsJRx/6a9DhvhSCPhwtzZc7m6fgA7:dx/6a3vtqtu7m6
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
1.7MB
-
MD5
46a22f0849344f152364d921c3c28435
-
SHA1
44fb399a95aaddd99270fe73a8705f53c0f73b72
-
SHA256
1041ffa7fe11147bca657c7f9b58b76a63fab9bedd01e37726e7a5f9df72aed2
-
SHA512
a992ece8155f66b7d3ccf801961ae69af857dc7366bf096805700ce69e5305867db9c5b346074e14d83292daa7a72be5c2becf58565305684adc3bb9f0942e32
-
SSDEEP
24576:WwzT5gWn2HsJRx/6a9DhvhSCPhwtzZc7m6fgA7:dx/6a3vtqtu7m6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-