General
Target: ssd.png
Size: 189KB
Sample: 221108-t338lsfhh3
MD5: 74924eb004372ba62befb92a73572b4d
SHA1: 2505266d088cfdfff862f2a4c219151e14769590
SHA256: c1df13755746263aedc11548180b52df82d48f7903760c772ec028f256cc8b5e
SHA512: ef1056774907f9c175ca3c4710f0f9f43da52ba9b882ba80c4229fd99783414fdf030f12980eda69e2b16df60e0e0fae0bb34fbf9a7837ba0a15a31e31c091a6
SSDEEP: 1536:ceVNQRmjHTF82+ZQNLuNo2hcy9q0t4E1ouZZ/BDJ4aggHDQjlNeMdsoYyplbTmYJ:cRRIqWuDJ4aggUhVhxbiBKqdA/kjlYJd
Static task: static1
Behavioral task: behavioral1 (sample: ssd.ps1, resource: win7-20220812-en)
Behavioral task: behavioral2 (sample: ssd.ps1, resource: win10v2004-20220812-en)
The submitted target ssd.png was executed as a PowerShell script (ssd.ps1) in both behavioral environments; the .png extension does not describe the file's content.
Malware Config
Extracted URL: http://62.204.41.235/red.png
Extracted family: redline
Botnet: $
C2: 62.204.41.34:1188
auth_value: bbb8c6d9124694fed57447b1568ddeec
Targets
Target: ssd.png
Size: 189KB
MD5: 74924eb004372ba62befb92a73572b4d
SHA1: 2505266d088cfdfff862f2a4c219151e14769590
SHA256: c1df13755746263aedc11548180b52df82d48f7903760c772ec028f256cc8b5e
SHA512: ef1056774907f9c175ca3c4710f0f9f43da52ba9b882ba80c4229fd99783414fdf030f12980eda69e2b16df60e0e0fae0bb34fbf9a7837ba0a15a31e31c091a6
SSDEEP: 1536:ceVNQRmjHTF82+ZQNLuNo2hcy9q0t4E1ouZZ/BDJ4aggHDQjlNeMdsoYyplbTmYJ:cRRIqWuDJ4aggUhVhxbiBKqdA/kjlYJd
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: an API commonly used to redirect execution inside a hollowed or injected process.
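As an added example, not part of the sandbox report and not code from RedLine or the sandbox vendor, the following Python script turns the report's indicators into checks a responder can run offline: it hashes a file and compares it with the report's MD5/SHA1/SHA256, flags a file named .png whose bytes lack the PNG signature (the report ran the .png target as a PowerShell script, so the extension cannot be trusted), and scans connection-log lines for the payload URL and the RedLine C2 host:port. The hashes, URL and C2 are copied from the report; the log-line format, the sample log lines and the stand-in script bytes are constructed for this example and are not taken from the sandbox run.

```python
"""Offline IOC checks built from the indicators in this report (added example)."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "74924eb004372ba62befb92a73572b4d",
    "sha1": "2505266d088cfdfff862f2a4c219151e14769590",
    "sha256": "c1df13755746263aedc11548180b52df82d48f7903760c772ec028f256cc8b5e",
}
PAYLOAD_URL = "http://62.204.41.235/red.png"
C2_HOST, C2_PORT = "62.204.41.34", 1188

# Fixed 8-byte signature every real PNG file starts with.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the three hashes the report lists (SSDEEP needs a third-party module and is skipped)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all three hashes equal the report's values."""
    return file_hashes(data) == REPORT_HASHES


def extension_mismatch(filename: str, data: bytes) -> bool:
    """Flag a file named .png whose content does not start with the PNG signature.

    The report's target is ssd.png but the sandbox ran it as ssd.ps1, so the
    extension alone says nothing about what the bytes are.
    """
    return filename.lower().endswith(".png") and not data.startswith(PNG_MAGIC)


# Constructed log format for this example: "<ts> <src>:<sport> -> <dst>:<dport> [url]".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)(?: (?P<url>\S+))?$"
)


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, indicator, value) for every line that touches a report IOC."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        dst, port, url = m["dst"], int(m["port"]), m["url"]
        if (dst, port) == (C2_HOST, C2_PORT):
            hits.append((m["ts"], "redline-c2", f"{dst}:{port}"))
        elif dst == C2_HOST:
            # Weaker match: same host on another port; worth a look, not a verdict.
            hits.append((m["ts"], "c2-host", f"{dst}:{port}"))
        elif url == PAYLOAD_URL:
            hits.append((m["ts"], "payload-download", url))
    return hits


# Constructed sample data; none of this is taken from the sandbox run.
CONSTRUCTED_SCRIPT = b"# stand-in PowerShell text, not image data\nWrite-Host 'example'\n"
SAMPLE_LOG = [
    "2022-11-08T11:00:01Z 10.0.0.5:49712 -> 62.204.41.235:80 http://62.204.41.235/red.png",
    "2022-11-08T11:00:09Z 10.0.0.5:49720 -> 62.204.41.34:1188",
    "2022-11-08T11:00:12Z 10.0.0.5:49730 -> 93.184.216.34:443",
    "2022-11-08T11:00:15Z 10.0.0.5:49733 -> 62.204.41.34:443",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    print("ssd.png lacks PNG magic:", extension_mismatch("ssd.png", CONSTRUCTED_SCRIPT))
    print("stand-in matches report hashes:", matches_report(CONSTRUCTED_SCRIPT))
    for ts, kind, value in scan_log(SAMPLE_LOG):
        print(ts, kind, value)
```

The host-only match is deliberately reported under a separate label: the same IP on a different port is a lead to pivot on, not proof of RedLine traffic. Replace LOG_LINE with a parser for whatever proxy or NetFlow format you actually collect; the IOC comparison logic does not change.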