General
-
Target
8a92e21b6a8368b36284887e79a364cd9c2fb36cd934f70d7411bea6270d64f3.exe
-
Size
3.0MB
-
Sample
240504-bww7lscg28
-
MD5
4df8bc2bbe062d538820d36a4b161d6e
-
SHA1
c6ac2e75209c14ba202d2918551577f2f63c93c8
-
SHA256
8a92e21b6a8368b36284887e79a364cd9c2fb36cd934f70d7411bea6270d64f3
-
SHA512
f5a6444bb2654f7273c4cfd3ade000641d56804bde4d525eee45999ed67cec1ff8a7f6821087de785e6435e9b481cb3a0d63033dcfe9b38c8d4cb1425f988092
-
SSDEEP
24576:iVJ1WqW26/5n3q9ofMRSmzqWqsrIZCikczEt33FcRAjttKz6GkwgwkIFjANesf:ohY53qSEFqWR8ZCibzglBGkwgwXENV
Malware Config
Extracted
redline
123
194.36.178.33:37732
Targets
-
-
Target
8a92e21b6a8368b36284887e79a364cd9c2fb36cd934f70d7411bea6270d64f3.exe
-
Size
3.0MB
-
MD5
4df8bc2bbe062d538820d36a4b161d6e
-
SHA1
c6ac2e75209c14ba202d2918551577f2f63c93c8
-
SHA256
8a92e21b6a8368b36284887e79a364cd9c2fb36cd934f70d7411bea6270d64f3
-
SHA512
f5a6444bb2654f7273c4cfd3ade000641d56804bde4d525eee45999ed67cec1ff8a7f6821087de785e6435e9b481cb3a0d63033dcfe9b38c8d4cb1425f988092
-
SSDEEP
24576:iVJ1WqW26/5n3q9ofMRSmzqWqsrIZCikczEt33FcRAjttKz6GkwgwkIFjANesf:ohY53qSEFqWR8ZCibzglBGkwgwXENV
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-