General
Target: file.exe
Size: 2.5MB
Sample: 221130-wjlwbscc45
MD5: 7956f1b82613ba7dfa2d465115fbaee0
SHA1: 8d477c1ed6853d17acb04e3d2fcd7412d41daf40
SHA256: 85b562c807e51bc50df82619640d3272647a30edf5fe3cf78441c0977c92b469
SHA512: 3bbbcbacb79e7333452b40f922eacfe81a63da80035a33fe285796b688455e448569d854b2cb15d2ef1244a4652d877d74899dd845a26ff1f4b9b31138eab70d
SSDEEP: 24576:GRjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqklvgdmVuQb:Mjh3E7nVoYDv/3Dpflkm/
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: file.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: file.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext