General
-
Target
SivaV2.exe
-
Size
356KB
-
Sample
240628-qyx91svfpq
-
MD5
f9742d4c0fd17e9bb51b38a4014ac254
-
SHA1
4b2236586231f271e3296ae4e5a9758f64791604
-
SHA256
0a9ecee73d6b9634f10e72bbce2bbab8661ad29da393bc309e4f20cf5fd3f9e2
-
SHA512
bcf8c4597c3a2baef024e5fd4f582a8d6fa08ba33014e298954743615945cae284407dc8dd101dead4715edaec0da0304356f17dfeba2f659dfbfe95c4659ac7
-
SSDEEP
6144:D/YJ0Pw7T3cAkIRPxEzbC0PwwZZE97TQSdx63MVxDlVyxiqT5N9kTbTtlA5rB0nm:7YJOw3aePxSbrPS5x63MVxDlVyxiqT5p
Static task
static1
Behavioral task
behavioral1
Sample
SivaV2.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
SivaV2.exe
-
Size
356KB
-
MD5
f9742d4c0fd17e9bb51b38a4014ac254
-
SHA1
4b2236586231f271e3296ae4e5a9758f64791604
-
SHA256
0a9ecee73d6b9634f10e72bbce2bbab8661ad29da393bc309e4f20cf5fd3f9e2
-
SHA512
bcf8c4597c3a2baef024e5fd4f582a8d6fa08ba33014e298954743615945cae284407dc8dd101dead4715edaec0da0304356f17dfeba2f659dfbfe95c4659ac7
-
SSDEEP
6144:D/YJ0Pw7T3cAkIRPxEzbC0PwwZZE97TQSdx63MVxDlVyxiqT5N9kTbTtlA5rB0nm:7YJOw3aePxSbrPS5x63MVxDlVyxiqT5p
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-