General
-
Target
1414.exe
-
Size
9.4MB
-
Sample
220819-v5v6fsgdep
-
MD5
b4dd84afe826afd4e1b877a7c16b7303
-
SHA1
0f8a707ef90044894568f55354ce139c2f4ef1f2
-
SHA256
c95b0afd68c2f57b3cc9982b0e43f08d51e733199705d80d7c0207ea19981abf
-
SHA512
09773c860227499505626a91bcfe69d6dc29b3a83901308a275c92473347d95befffb777f6919596cf77b52f2836803ebe803dbce4b84f984bc638860e9bfe0e
-
SSDEEP
196608:zlp7uPLn/RNrlHAjoG+IGCsXDjDyf8H2WliXYrHW1LmFDXvCbfc+nGga:KPDZxlHOFGCEDtH2ciIrHWRSDXvCbUqY
Behavioral task
behavioral1
Sample
1414.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
1877
overthinker1877.duckdns.org:60732
Targets
-
-
Target
1414.exe
-
Size
9.4MB
-
MD5
b4dd84afe826afd4e1b877a7c16b7303
-
SHA1
0f8a707ef90044894568f55354ce139c2f4ef1f2
-
SHA256
c95b0afd68c2f57b3cc9982b0e43f08d51e733199705d80d7c0207ea19981abf
-
SHA512
09773c860227499505626a91bcfe69d6dc29b3a83901308a275c92473347d95befffb777f6919596cf77b52f2836803ebe803dbce4b84f984bc638860e9bfe0e
-
SSDEEP
196608:zlp7uPLn/RNrlHAjoG+IGCsXDjDyf8H2WliXYrHW1LmFDXvCbfc+nGga:KPDZxlHOFGCEDtH2ciIrHWRSDXvCbUqY
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-