General
Target: 3e4369969c86520f71fcca5caff0d2ee
Size: 22KB
Sample: 220922-2hwl2agdfn
MD5: 3e4369969c86520f71fcca5caff0d2ee
SHA1: 817acfb135f6283f2957f5ae74fd5821975cd06c
SHA256: 0595057437ee037181e4886be7c1511e962ca5acf0117f5d2ff89430e927e2c8
SHA512: 78e6d07999d6a47f75f0435238a4ee85065d79d1bcb1e9516b684c8e07e5452b9aa926789cf3560b358921d1759dbdb6a54beb027d53a93555f7cd082d644f92
SSDEEP: 384:iEGmMYovA+BpQ2/UamwQvq2aTk2QEmXXm7BfeWuv:imRovqDsQn+feWuv
Static task: static1
Behavioral task: behavioral1
Sample: samples.rtf
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: samples.rtf
Resource: win10v2004-20220901-en
Malware Config
Extracted
redline
sirus
147.124.223.126:4444
Targets
Target: samples.doc
Size: 15KB
MD5: dbae3a4ff8b3951aa2ff44102b81c11c
SHA1: 7d6a187eef6f5b945731a8236c6d986ca506acd5
SHA256: 2acf37ac90954e6867efa175fdaa73380735bc4104478d7f3d35beea43af6a3a
SHA512: 74630c8534984ec5d1defdab1d8ccd697dc2980dbdb14858b75ac4add055672228effa0bcb24ea36d68bbc4df7dacb89290cc5d7e055ac380989f0e63de4e140
SSDEEP: 192:XuIlMU3u6iCrJqTYPcM0ReohWtXsTdRgYdQpwbWRbtnn32+bUBm3Tt3C9e5PK:XuVg7iCrgUPUXgYupcWT/bnTpTi
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext