General
Target: 9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
Size: 1.0MB
Sample: 220104-la97fsgab4
MD5: 85dde45316f09ce3d63d43de2c729315
SHA1: f559f0b629440cdbfab32d2b6af878677f95a9e3
SHA256: 9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
SHA512: b9340f9c2e93d19ab4b1c307fb063d2dd9e25e08af2976e992c3fda0e34b79e7aa0ff461cf0109dd70e53dd2512df6d121436b47a8e4d4647e2dad819265d767

Static task: static1
Behavioral task: behavioral1
Sample: 9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e.exe
Resource: win10-en-20211208
Malware Config

Extracted: redline
185.215.113.57:50723

Extracted: redline
cheat
45.147.196.146:6213

Extracted: raccoon
e9f10fade0328e7cef5c9f5bf00076086ba5a8a1
url4cnc:
http://91.219.236.18/baldandbankrupt1
http://194.180.174.41/baldandbankrupt1
http://91.219.236.148/baldandbankrupt1
https://t.me/baldandbankrupt1
Targets

Target: 9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
Size: 1.0MB
MD5: 85dde45316f09ce3d63d43de2c729315
SHA1: f559f0b629440cdbfab32d2b6af878677f95a9e3
SHA256: 9f01d6660caba583e7ac2dbf9fac6ffed47576035e2b1aa9dd95ec6b59a3d04e
SHA512: b9340f9c2e93d19ab4b1c307fb063d2dd9e25e08af2976e992c3fda0e34b79e7aa0ff461cf0109dd70e53dd2512df6d121436b47a8e4d4647e2dad819265d767

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
RedLine Payload
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of SetThreadContext