General
Target: 64802b822518e9531aa9bbe7b681e07f48b2865892d9605fb88566b5523f392f
Size: 357KB
Sample: 240701-fqahwazgqn
MD5: 44ceb5e892331709e7945eb77eb90c3e
SHA1: d6df5f1394f2d00e398dafb14e87ddd8d6547ceb
SHA256: 64802b822518e9531aa9bbe7b681e07f48b2865892d9605fb88566b5523f392f
SHA512: 099c45ef14c6b36bf7dc3535b1ae7e0f7a9e5bc18f13860a3f6ddc9551febe2a90cc1ceb00ada6d85ad0e4ec691eb7960bc121b52c61df730e50d43de40e1734
SSDEEP: 6144:YUWmEaUHGYYbiDEvgmBGok2ZtTfvW+NUFLtq72XxTl/X8rfQvV+EMyHKIqNsLBTv:YtpaimbfW+NU/qwx5/srfQvV+EMyHKIF

Static task: static1

Behavioral task: behavioral1
Sample: 64802b822518e9531aa9bbe7b681e07f48b2865892d9605fb88566b5523f392f.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 64802b822518e9531aa9bbe7b681e07f48b2865892d9605fb88566b5523f392f.exe
Resource: win10-20240404-en

Malware Config
Extracted (redline): 77.91.77.6:24186

Targets
Target: 64802b822518e9531aa9bbe7b681e07f48b2865892d9605fb88566b5523f392f
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext