General
Target: neisteri.exe
Size: 1.6MB
Sample: 210427-9mryt1q37e
MD5: d63342274863a51e0bccbc8a02af07c6
SHA1: db808470122b8c85f9fca9daf1008fb7d32df83e
SHA256: 3f84fd562f0fa9c7c4100422fa695a550b273f0fbcc1499f421d0b1d451d6a6a
SHA512: a585af6a70111f27029e0a1375070124238d670e449a828396f3ca8a9300b41557470af2173fe9f11cc37d4a69f59f658fa022043ecfd7df876fe68033dc0c98
Static task: static1
Behavioral task: behavioral1
  Sample: neisteri.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: neisteri.exe
  Resource: win10v20210410
Malware Config
Extracted family: redline
Botnet: neisteri
C2: 194.147.142.46:19250
Targets
Target: neisteri.exe
Size: 1.6MB
MD5: d63342274863a51e0bccbc8a02af07c6
SHA1: db808470122b8c85f9fca9daf1008fb7d32df83e
SHA256: 3f84fd562f0fa9c7c4100422fa695a550b273f0fbcc1499f421d0b1d451d6a6a
SHA512: a585af6a70111f27029e0a1375070124238d670e449a828396f3ca8a9300b41557470af2173fe9f11cc37d4a69f59f658fa022043ecfd7df876fe68033dc0c98
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
  RedLine Payload
  Suspicious use of SetThreadContext