General
-
Target
215db9a5c90ba00495e572c6332e89c3
-
Size
31KB
-
Sample
221004-x18l4acchq
-
MD5
215db9a5c90ba00495e572c6332e89c3
-
SHA1
bcfdb2aa01341bb0f647558f17e4f83b232ac45a
-
SHA256
20fe4eed54de7b262b793fedab0f83327c7c5f251c237aac6ca6a1747ce649c0
-
SHA512
cd46e20d16ce7134b1c83e207f788f55a8d434291695779fde712095daaaf66799a290f3cf19619950a4f3216c5a5c5fb4d6a46160ccf7ccd124e6ab10d38d25
-
SSDEEP
384:JZDXgy939zwwnCaYrjWTYeX8FgNiJgpGDITf93ivPEAwbtOhL5wJGJ:TP93ZfmSTtRiJ9ITf93ivMAwZMO0J
Malware Config
Extracted
redline
sirus
147.124.223.126:4444
Targets
-
-
Target
Cheque details.doc
-
Size
13KB
-
MD5
7297ca873f2fce33b20125f61ab9dfd4
-
SHA1
60d12cb1bb8612ea5c6339eb8d5661fb707ebc63
-
SHA256
a0f43ff0cb2f39ccd74862e12655ee3bbfbb1cde3909dd006931f5dd76923d4e
-
SHA512
ac87bf9527fff43c3680c9c2d1ed0e0ecb40720b4aef17a707ff2553484c69548fda10db4ee77b6536f7bf88955fc35e159a049ea74fc7d8d811a12fa26c4760
-
SSDEEP
384:Yr0L517bfeiHUIWZhMtJqxM+OkjyReEO26:Yi55KT3kkNML6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-