General
-
Target
7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37_JC.exe
-
Size
1.3MB
-
Sample
231011-gtq6gafg63
-
MD5
6d52fc20fc9abf70dcdefb26ac76a19e
-
SHA1
e6434e73d48f6daf0d5652140e777787d05b67b7
-
SHA256
7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37
-
SHA512
83a4e7cb8936b45f46f069ce63d6027a38ff7364290d2f8c4105f931c6923737415f51f20bc7890bc32d3de107f02e3aebecd62788d10c426e0e6d641d79642e
-
SSDEEP
12288:oPILgRCayLp4PHmYObr/Fbg7BrcO0Ff1siF4o1R8nSXVuZxM2YiUW6byF6kmq96:jg9yLp0HmYObBpsiWo/8MEUMmq96
Static task
static1
Behavioral task
behavioral1
Sample
7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
Family
redline
Botnet ID
LegendaryInstalls_20230918
C2
62.72.23.19:80
-
auth_value
7e2e28855818d91285389c56372566f4
Targets
-
Target
7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37_JC.exe
-
Size
1.3MB
-
MD5
6d52fc20fc9abf70dcdefb26ac76a19e
-
SHA1
e6434e73d48f6daf0d5652140e777787d05b67b7
-
SHA256
7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37
-
SHA512
83a4e7cb8936b45f46f069ce63d6027a38ff7364290d2f8c4105f931c6923737415f51f20bc7890bc32d3de107f02e3aebecd62788d10c426e0e6d641d79642e
-
SSDEEP
12288:oPILgRCayLp4PHmYObr/Fbg7BrcO0Ff1siF4o1R8nSXVuZxM2YiUW6byF6kmq96:jg9yLp0HmYObBpsiWo/8MEUMmq96
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler (vbc.exe) for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
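The two kinds of indicators this report yields are the file hashes of the sample and the C2 endpoint from the extracted RedLine config. The script below, an added example that is not part of the sandbox report, hashes a file and checks it against the listed digests, and scans log lines for either the hashes or the exact host:port of the C2. The log formats it parses (a Sysmon-style Hashes= field and a simple src -> dst flow line) are constructed for illustration and are assumptions about your telemetry; the auth_value is only visible inside the C2 traffic and is not matched here.

```python
"""Check files and log lines against the IOCs listed in this report.

Added example, not part of the sandbox report. The log formats below are
constructed for illustration; adapt the regexes to your own telemetry.
"""
import hashlib
import re

# File hashes from the report (lowercase hex).
IOC_HASHES = {
    "md5": "6d52fc20fc9abf70dcdefb26ac76a19e",
    "sha1": "e6434e73d48f6daf0d5652140e777787d05b67b7",
    "sha256": "7d894c6acba11d5280e7183805c11c36a7dd93ef4f650a2671c827fa59265a37",
}
IOC_HASH_VALUES = set(IOC_HASHES.values())

# C2 endpoint from the extracted RedLine config.
C2_HOST, C2_PORT = "62.72.23.19", 80

# Any run of 32, 40 or 64 hex chars (MD5 / SHA1 / SHA256 lengths).
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")
# Exact host:port; the lookarounds keep 62.72.23.19:8080 or 162.72.23.19:80 from matching.
C2_RE = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}:{C2_PORT}(?!\d)")


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_report(digests):
    """Algorithms whose digest equals the report's value (case-insensitive).

    A SHA256 match is conclusive; an MD5-only match on a file whose SHA256
    differs points at a collision or a transcription error, not the sample.
    """
    return sorted(alg for alg, h in IOC_HASHES.items() if digests.get(alg, "").lower() == h)


def scan_log_line(line):
    """Return ('hash', value) / ('c2', 'host:port') hits found in one log line."""
    hits = [("hash", tok.lower()) for tok in HEX_RE.findall(line) if tok.lower() in IOC_HASH_VALUES]
    if C2_RE.search(line):
        hits.append(("c2", f"{C2_HOST}:{C2_PORT}"))
    return hits


def scan_log(lines):
    """(1-based line number, hits) for every line that matched at least one IOC."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := scan_log_line(line))]


# Constructed sample telemetry (not real captures): a Sysmon-style process
# creation event carrying the sample's hashes, a flow to the C2, a near-miss
# on port 8080 and a benign process event.
SAMPLE_LOG = [
    "2023-10-11T09:12:03Z Image=C:\\Users\\jc\\Downloads\\setup.exe "
    "Hashes=MD5=6D52FC20FC9ABF70DCDEFB26AC76A19E,"
    "SHA256=7D894C6ACBA11D5280E7183805C11C36A7DD93EF4F650A2671C827FA59265A37",
    "2023-10-11T09:12:09Z conn 10.0.0.23:49731 -> 62.72.23.19:80 tcp",
    "2023-10-11T09:12:10Z conn 10.0.0.23:49732 -> 62.72.23.19:8080 tcp",
    "2023-10-11T09:12:11Z Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

Running the script flags line 1 (both hashes) and line 2 (the C2 flow); the port 8080 line and the benign process event produce no hits. To check a quarantined file, call `matches_report(hash_file(path))` and treat a SHA256 match as the decisive result.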