General
-
Target
Setup.exe
-
Size
660KB
-
Sample
221129-jcd6pahb22
-
MD5
4de478e4b6f32014db0bdc2eff5f73cd
-
SHA1
9a1ff93bf2d80107c530f71b90afbaf0d23e9af8
-
SHA256
a161eb165c4656e540e79f0571d6e32a0bffb77e65b889e53f2cc87f3ff3cc60
-
SHA512
8b62aa044c008f62db118f571a3b0d67ecce5d54465205cda59575f39ea7abf61067689273df7e8a1b15acd3dcf186aff742c594bfcf91e4de16cc11bac04000
-
SSDEEP
12288:XeB8hEY8qW9XZ/sFDj8MQNTVdKr6jFlJ3RDCMn9isLV8sN:XhLWf/stQtlfXPNCMtLysN
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
USA
109.107.191.169:34067
-
auth_value
efb1b17e182f1e7cdb54a3e91436c48c
Targets
-
-
Target
Setup.exe
-
Size
660KB
-
MD5
4de478e4b6f32014db0bdc2eff5f73cd
-
SHA1
9a1ff93bf2d80107c530f71b90afbaf0d23e9af8
-
SHA256
a161eb165c4656e540e79f0571d6e32a0bffb77e65b889e53f2cc87f3ff3cc60
-
SHA512
8b62aa044c008f62db118f571a3b0d67ecce5d54465205cda59575f39ea7abf61067689273df7e8a1b15acd3dcf186aff742c594bfcf91e4de16cc11bac04000
-
SSDEEP
12288:XeB8hEY8qW9XZ/sFDj8MQNTVdKr6jFlJ3RDCMn9isLV8sN:XhLWf/stQtlfXPNCMtLysN
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Suspicious use of SetThreadContext
-