General
Target: 04c532d817aa5b4296f288f0114bd59b.exe
Size: 221KB
Sample: 221130-wzxmrsdd46
MD5: 04c532d817aa5b4296f288f0114bd59b
SHA1: 15055f832c1f48f49442a8f6ea04c3c9af1c4b70
SHA256: 21b95499e5fe5cac96f159d38927471984d90bdadc92d21584389631fd36c430
SHA512: 88a140a40be1567ad95df404c4ba7b096f6f08887c588d112c2b4cc304012eb9fadbe01b06dbf4510fded913da81a801141a4fc324a7c0ac267177f1b4f2afc2
SSDEEP: 3072:hFp5I7Z0wshvXXTy1rJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqj2gU:I7ZmJy7FUyf2AhZjwIN4I
Static task: static1
Behavioral task: behavioral1
Sample: 04c532d817aa5b4296f288f0114bd59b.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 04c532d817aa5b4296f288f0114bd59b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: redline
Botnet ID: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 04c532d817aa5b4296f288f0114bd59b.exe (221KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests saved browser credentials, cookies and cryptocurrency wallet data and reports to the host and port recovered in the extracted configuration above.
Signatures
- RedLine payload
- Uses the VBS compiler for execution (vbc.exe, the .NET Visual Basic compiler, is started by the sample; a compiler process with no compile work to do is a common host for an unpacked .NET stealer)
- Suspicious use of SetThreadContext (consistent with process hollowing: the thread context of a suspended child is rewritten to point at injected code before the child is resumed)
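The indicators this report exposes (the C2 socket from the extracted configuration, the file hashes, and the vbc.exe/SetThreadContext behaviour) are most useful when swept against your own telemetry. The script below is an added example, not part of the sandbox report: the C2 address, port and hashes are copied from the report, while every log line, file inventory entry and process event is constructed for the demonstration, and the vbc.exe heuristic is the script's own assumption rather than a signature the sandbox emitted.

```python
"""Sweep constructed telemetry for the indicators in the RedLine report above.

Report-derived values: C2_IP, C2_PORT, SHA256, MD5.
Everything else (log lines, inventory, process events, the vbc.exe heuristic)
is constructed for this example and is not from the sandbox.
"""

# Indicators copied from the report.
C2_IP, C2_PORT = "193.106.191.138", 32796
SHA256 = "21b95499e5fe5cac96f159d38927471984d90bdadc92d21584389631fd36c430"
MD5 = "04c532d817aa5b4296f288f0114bd59b"

# Constructed, reduced Zeek conn.log: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_LOG = """\
1669807201.1\tCx1\t10.0.0.12\t49811\t193.106.191.138\t32796\ttcp
1669807202.2\tCx2\t10.0.0.12\t49812\t93.184.216.34\t443\ttcp
1669807203.3\tCx3\t10.0.0.15\t50001\t193.106.191.138\t80\ttcp
"""

# Constructed file inventory: (sha256, md5, path).
FILE_INVENTORY = [
    ("21b95499e5fe5cac96f159d38927471984d90bdadc92d21584389631fd36c430",
     "04c532d817aa5b4296f288f0114bd59b", r"C:\Users\u\Downloads\setup.exe"),
    ("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "d41d8cd98f00b204e9800998ecf8427e", r"C:\Users\u\empty.bin"),
]

# Constructed Sysmon event-1 style records (Image, ParentImage, CommandLine).
PROC_EVENTS = [
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\u\Downloads\setup.exe",
     "CommandLine": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": r"vbc.exe /noconfig @C:\temp\build.rsp"},
]

# Parents that legitimately launch vbc.exe (assumed allow-list for the heuristic).
KNOWN_BUILD_PARENTS = ("msbuild.exe", "devenv.exe", "dotnet.exe")


def find_c2_connections(conn_log: str) -> dict:
    """Return conn.log uids that reached the reported C2.

    'exact' matches the configured IP and port; 'ip_only' matches the IP on another
    port, a weaker hit because operators rotate ports more readily than hosts.
    """
    hits = {"exact": [], "ip_only": []}
    for line in conn_log.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        uid, resp_h, resp_p = fields[1], fields[4], int(fields[5])
        if resp_h != C2_IP:
            continue
        hits["exact" if resp_p == C2_PORT else "ip_only"].append(uid)
    return hits


def match_hashes(inventory) -> list:
    """Paths whose SHA-256 (or, failing that, MD5) equals the sample's.

    SHA-256 is the authoritative match; MD5 is accepted only because many
    inventories carry nothing stronger.
    """
    return [path for sha, md5, path in inventory
            if sha.lower() == SHA256 or md5.lower() == MD5]


def suspicious_vbc_launches(events) -> list:
    """Parents that started vbc.exe with no compiler arguments outside a build tool.

    Assumption (not a sandbox signature): a hollowed vbc.exe is created suspended
    with a bare command line, whereas a real compile always carries arguments.
    """
    flagged = []
    for ev in events:
        image = ev["Image"].lower()
        if not image.endswith("\\vbc.exe"):
            continue
        parent = ev["ParentImage"].lower().rsplit("\\", 1)[-1]
        cmd = ev["CommandLine"].strip().strip('"').lower()
        has_args = cmd != image
        if parent not in KNOWN_BUILD_PARENTS and not has_args:
            flagged.append(ev["ParentImage"])
    return flagged


if __name__ == "__main__":
    print("C2 connections:", find_c2_connections(CONN_LOG))
    print("Hash matches:", match_hashes(FILE_INVENTORY))
    print("Suspicious vbc.exe parents:", suspicious_vbc_launches(PROC_EVENTS))
```

The IP-only bucket is deliberately separate from the exact match: the auth_value and port in the extracted configuration identify this build, but the same host is frequently reused with a different port, so an IP-only hit is worth triaging without being treated as confirmed RedLine traffic.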