General
Target: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5
Size: 875KB
Sample: 211107-kpdlcshha8
MD5: 6441aef8da572f0501246046025c003b
SHA1: 522662a7e934e94afc6c42a73ddfaede2df82d3c
SHA256: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5
SHA512: 12ca37966fcaebabf1f5768f4d344c8838ec18e6adbbe5dc9c4b8dafc7e0d2323119706f61586cc8ec5bfbceb561968230efdd1bebe1880f7329e1243d8ae54c
Static task: static1
Behavioral task: behavioral1
Sample: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5.exe
Resource: win10-en-20211014
Malware Config
Extracted
redline
next2
bigboobstop.store:34585
boyshipgir.site:34585
Targets
Target: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5 (size, MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext