General
-
Target
LANDCR~1.exe
-
Size
1.6MB
-
Sample
210727-l3ztnkckfx
-
MD5
7644b3b862345e74b5268729d5d6cf69
-
SHA1
22d9466b985152d0232952068e5521d31e7118ff
-
SHA256
08ead398177de9c15b3f4d83f473d42b30c5ded988e3c7ba103813f4c4cf663a
-
SHA512
fe809cb1370b5a1a0b1daf1b9e0da20883c1562549425b292395a3946c57f0df5f979d5e14fe7fe88b05076ed2467703277e92e3be782045b094e85bcb3ec13c
Static task
static1
Behavioral task
behavioral1
Sample
LANDCR~1.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
LANDCR~1.exe
Resource
win10v20210410
Malware Config
Extracted
redline
Build1
45.142.213.135:30059
Targets
-
Target
LANDCR~1.exe
-
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of SetThreadContext
-