General
Target: 2024-03-31_4f4cc4e3015cc199fecaf2fb4dee0047_icedid
Size: 3.6MB
Sample: 240331-3gywfaff29
MD5: 4f4cc4e3015cc199fecaf2fb4dee0047
SHA1: ac090b49ede09a56925eaa25c591a865d581e8bb
SHA256: 0181bce01c50a935f7edb4c1250abe2bf73a08cb93b2ca30916231178277d91b
SHA512: c4f19e40ae6e90bab4293b4f532c038639eb11a7372f8382c7480257c76fd927928d89f52c1a0c81cb1a4a4e51d0fc4580029b25990010e825587e36ae63af8c
SSDEEP: 98304:xPR0leq5gXtFxlH56Y+PdBN0rAf3sKDWMLmV0DCN:tR0lelD4BtmV0D
Static task: static1
Behavioral task: behavioral1
Sample: 2024-03-31_4f4cc4e3015cc199fecaf2fb4dee0047_icedid.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-03-31_4f4cc4e3015cc199fecaf2fb4dee0047_icedid.exe
Resource: win10v2004-20240319-en
Malware Config
Extracted
redline
1
77.221.156.45:18734
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext