General
Target: PurchaseOrder.exe
Size: 7KB
Sample: 220523-x1g45schg7
MD5: 66b576fb4396e4a99e56f3c9353608e6
SHA1: 2eb130d83c4fc8f90ed9f1b8d3c3884cb3d92b5a
SHA256: 74e20a8b9a548b26166b46bef5b9a8b89b54dc445c3818fe2adfaa6b9ee6369c
SHA512: dc459e094e891c5f5b8ea30bec367015aa533f73f32d08797e92bad9b40c42a7023a5cd31ddacc4bfda4ad930ca897276e21f653c6380ed151644c128bb24ff0
Static task: static1
Behavioral task: behavioral1 (Sample: PurchaseOrder.exe, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: PurchaseOrder.exe, Resource: win10v2004-20220414-en)
Malware Config
Extracted: redline
love
101.99.93.62:43200
Targets
Target: PurchaseOrder.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of SetThreadContext