General
Target: software (1717).zip
Size: 18.1MB
Sample: 241021-h8vymsvcle
MD5: 8542601101a3c2993654f98af20b29c4
SHA1: e467f452b9876d61eb2f41b223de871261733c56
SHA256: da052162ab06a4fae3b0b8010e72f2d7973608b8a965bc9612a84ce88b291981
SHA512: d36827edb0d7245268c97f0c04fc27453a4ad49278ddca7793759f59358386d3dd70b45e2d9563de182c5528d8cf6e1a719eda10bf0cc63050c6ae4264540f92
SSDEEP: 393216:5nh1E17jJMz8zUBuOc17QZVrQ/kN+g4Har099PE+/y5kjw265VEVk:5zEVXt17G5Q/IrE/85265wk
Static task: static1
Behavioral task: behavioral1
Sample: wallet_finder.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
@verhsa
185.215.113.22:80
Targets
Target: wallet_finder.exe
Size: 313KB
MD5: 1c526e48990563961feefd31cdc1777c
SHA1: 7dccc1ec57f6ea948866a974344fe88a44f90886
SHA256: 5535cc5ca14c54717e12128b3152e57f1e5171dc094e6259e2e0f754f9026d8d
SHA512: 537afe67d7ee288e341d52ea22599bd8f258d9d6f402566ca8d08434a1974cf44e0b6a37003083b22a4a1151921a76b0cff424df30ed99238a41888d81a51870
SSDEEP: 6144:1bcsgYsLcP1Vosa9Z+amIFethWBIWteSze0ryzS1nI+N:hckrP1Vosa9Q5thWTXryzS1nI+
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext