General
- Target: ROR.exe
- Size: 1.7MB
- Sample: 221111-236mqsfc7v
- MD5: 85ea4565608d2f6c35decb6ed8547749
- SHA1: e15ae6c93c9e998b030609fdf4b3274925694229
- SHA256: f6706aafbeb4e8e10478bb1fd5b171e2f7f13399416344aba46233593e6f5d69
- SHA512: 762b5e5293067c484ca54fa297f5770217275a7594083b64b15ed65955f64ba158bbf58a7713419c2dc15d265a7bf8c85b4f11c8fd27e62ba21f429493df4dd5
- SSDEEP: 24576:WVCrlD3LeNOUaHfxaBXjVId3tgErJsF36RYioPHdo/SQE9AoA5:Wut0jaH5gkxdsF3TPdo/rE9AP
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ROR.exe
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: ROR.exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- redline
- @NoxyCloud
- 85.192.63.57:34210
- auth_value: 20dc074852db65a2b74addf964cf576e
Targets
- Target: ROR.exe
- Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext