General
-
Target
174047408DE41770494EF4CFDC6B4B75.exe
-
Size
374KB
-
Sample
240526-dwbl1sda7t
-
MD5
174047408de41770494ef4cfdc6b4b75
-
SHA1
be5d55981090e243d3fcf50195a4f8f52624d5c4
-
SHA256
f10e15ec0b0ed8ea201ac5f07b1bf547d3c592d3b1a359f564c8dc717dfca690
-
SHA512
45b818ce122388fca30146e1b788d30540da808adcd4881bae60026445896367ab6caeac6d082750703380e697a9dbaa1db9259660edfcdd2a518cb271a6ee58
-
SSDEEP
6144:yauvUJRc8Xk96UudPq/KvhvhNTbFCUFyw0eOz0wDmz6E6NgYnMfhlD16Xd9Cnx:yaOUJDUZu2wbueyxZM6z8hlD1H
Static task
static1
Behavioral task
behavioral1
Sample
174047408DE41770494EF4CFDC6B4B75.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
174047408DE41770494EF4CFDC6B4B75.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
redline
6894345723_99
https://pastebin.com/raw/8baCJyMF
Targets
-
-
Target
174047408DE41770494EF4CFDC6B4B75.exe
-
Size
374KB
-
MD5
174047408de41770494ef4cfdc6b4b75
-
SHA1
be5d55981090e243d3fcf50195a4f8f52624d5c4
-
SHA256
f10e15ec0b0ed8ea201ac5f07b1bf547d3c592d3b1a359f564c8dc717dfca690
-
SHA512
45b818ce122388fca30146e1b788d30540da808adcd4881bae60026445896367ab6caeac6d082750703380e697a9dbaa1db9259660edfcdd2a518cb271a6ee58
-
SSDEEP
6144:yauvUJRc8Xk96UudPq/KvhvhNTbFCUFyw0eOz0wDmz6E6NgYnMfhlD16Xd9Cnx:yaOUJDUZu2wbueyxZM6z8hlD1H
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-