General
Target: malware_smoke_1691763279
Size: 554KB
Sample: 221004-ecbncabce8
MD5: ca2cd8533de9f083decbb6d5f4f069d8
SHA1: 67d64cdf19835b9ce864d59d210c921661020396
SHA256: 2dd0bfc0d560531b164d18f09e870fdb9b4985527813d7358914218546f83b45
SHA512: 45b5f7130a8f4eafbf618ce5cfabf7a82efd68de39ef66044b977d548f43827e78e329757b18a95d1f82aed76132258c12d352983c38efeab2f26d5bf2964600
SSDEEP: 12288:Yh39DmVKCSucwqKF1HaWQS03ULaHNqrxlKIQNoOGyaSn/:YhMJtpBkEaHNYK3s4/
Static task: static1
Behavioral task: behavioral1
Sample: malware_smoke_1691763279.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: malware_smoke_1691763279.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
redline
5076357887
37.1.213.9:17292
auth_value: b1022b77a8ea3300a254df573b6fd16e
Targets
Target: malware_smoke_1691763279
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Suspicious use of SetThreadContext