General
- Target: 7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c
- Size: 1.0MB
- Sample: 220530-3s1jeabbgp
- MD5: 07fed12bfd9166a4f965f848c7172b04
- SHA1: ebb25569a8ed53fc803ad6da6e25d06765340c38
- SHA256: 7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c
- SHA512: 40da6d529abd89d380957635afadecf932c8bb12dd08ce83d53ff5f0b6bee52949f0aad7afc7eea5730b920d0fb55e4e57ab34db09aed36663eacd3684502327

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c.exe
  - Resource: win7-20220414-en
- behavioral2
  - Sample: 7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c.exe
  - Resource: win10v2004-20220414-en

Malware Config
- Extracted: redline
- 1010
- 135.181.123.52:21975
- auth_value: 2cdeb4fb37fd392a4ee4bf30ab711e38

Targets
- Target: 7231cf29f8c9926a6b276b19c6cae25e43330b4b914ba3abd9ebeabcfc7d605c (Size: 1.0MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext