General
- Target: Raven.exe
- Size: 637KB
- Sample: 240706-jhjy5a1clp
- MD5: fdf3579f40fbd08ad74814f0608d17f6
- SHA1: b67f6d5d27d0809e4961152a4f799f484185ca9d
- SHA256: a469cb5ec9ad6345d3542c24edeec932de343bb72a131796bb607a133b2ddaea
- SHA512: daf46b0b475efdaf5491ac264766ca144efbcb3157663bc7974d165303ff5535d6724d19e2fe9ac67771f4a25ac1167c5e2078b070758226cc216646d94591bc
- SSDEEP: 12288:/O7z8ppCB3Df8lFQ2K7/EjwqFlo+tJZGwOkwm3KHiKI6TmjsTjRwrpo8Wy8mdWqb:GapG8lq2g/yKyx
Static task: static1
Behavioral task: behavioral1
- Sample: Raven.exe
- Resource: win10v2004-20240704-en
Malware Config
Extracted: redline
- 7182038265_99
- https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/id/993846634744/
Targets
- Target: Raven.exe (637KB; same file and hashes as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext