General
- Target: hBKKvc5PYJSJ.exe
- Size: 178KB
- Sample: 210621-tmv2z9rmkj
- MD5: ea64fb745ef58010d1b9d7ac80f221d0
- SHA1: 7be7c6a48ae96c8d7ef692d03c7405dea60f52a6
- SHA256: 191a6c8951aa3bc73634891e7551a229e15fd90ff0deacef8a2f3a8594d53f6d
- SHA512: 2a12518ee29836faecef01cc4660710e90ab81fb3e7080158011ea83f531bc2d0d8bc3ecf4ecb177cdee3ce0570f192628c6137ad98131706c76eb08956e8550
Static task: static1
Behavioral task: behavioral1
- Sample: hBKKvc5PYJSJ.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: hBKKvc5PYJSJ.exe
- Resource: win10v20210410
Malware Config
Extracted: redline
- z0rm1on
- 185.241.61.33:16195
Targets
- Target: hBKKvc5PYJSJ.exe
- Size: 178KB
- MD5, SHA1, SHA256 and SHA512: identical to the values listed under General
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of SetThreadContext