General
- Target: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
- Size: 4.9MB
- Sample: 240325-cw8q3sge8z
- MD5: 287d2d8c6dc43061b992fd4767cac641
- SHA1: bc6076dd3684d56476c4424e8e7b42d0a7e29d64
- SHA256: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473
- SHA512: 180950864c8e87d6051c690df40a0af9f834f864bd7de0b497728b219102415018669f7ca7eeb0f51ed8d06eb475e19415e277e531e80b4d5b6e463846b6c112
- SSDEEP: 49152:CunOIh/VejoF8vwF/nluLRPct4whtfVKevv7m9gcQYPbH51a7zc60GtD:f/Veo8YF/nXMPbjAg60GtD
Static task: static1

Behavioral task: behavioral1
- Sample: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
- Resource: win10v2004-20240226-en
Malware Config
Extracted
- redline
- NewCrypt
- 193.233.133.152:35515
Targets
- Target: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
- Size: 4.9MB
- MD5: 287d2d8c6dc43061b992fd4767cac641
- SHA1: bc6076dd3684d56476c4424e8e7b42d0a7e29d64
- SHA256: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473
- SHA512: 180950864c8e87d6051c690df40a0af9f834f864bd7de0b497728b219102415018669f7ca7eeb0f51ed8d06eb475e19415e277e531e80b4d5b6e463846b6c112
- SSDEEP: 49152:CunOIh/VejoF8vwF/nluLRPct4whtfVKevv7m9gcQYPbH51a7zc60GtD:f/Veo8YF/nXMPbjAg60GtD
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext