General
Target: 1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75
Size: 239KB
Sample: 221205-282wqsae8y
MD5: efb5c47eabb4a0f02e9bf2cabc1c98a7
SHA1: eb5acc78a0c43b55b7e6e5a5189e6e98b7e812da
SHA256: 1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75
SHA512: 552b5145b330b5696f61dba46be31a6521c1aedb506554db8348bc2140c0fefc2c37daf1f05588dd6864614fc0fce3112a72e201bc4afa6fe9ddf1f8c931fca0
SSDEEP: 3072:Lx+Ugbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcImyxO:Lx+UgWg5Kq+PwQoHp0DoK2KJSTfqrhmm
Static task: static1
Behavioral task: behavioral1
Sample: 1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: redline
Botnet (ID): @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75 (the submitted file itself; size and hashes as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler, is launched as a child process; a .NET compiler spawned by a file in a user-writable path is a strong hunting lead)
- Suspicious use of SetThreadContext (resetting a suspended thread's context is the step that redirects execution into injected code in process hollowing/RunPE-style injection)
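The extracted configuration and the two behavioural signatures above translate directly into endpoint detections: a process-creation rule for vbc.exe spawned by something other than a build tool, and a network rule for the extracted C2. The following is an added example, not Triage's or the RedLine authors' code. It runs those two checks plus a hash match over constructed Sysmon-style events (EventID 1 process creation with Image, ParentImage and a Sysmon "Hashes" string; EventID 3 network connection with DestinationIp/DestinationPort). The log lines are made up to resemble this sample's behaviour and are not from the sandbox run; the parent allowlist is an assumption to tune per environment.

```python
"""Detection checks derived from the RedLine report above (added example)."""
import ipaddress
import json
from typing import Dict, List, Tuple

# Indicators copied from the report.
C2 = "193.106.191.138:32796"
REPORT_HASHES = {
    "SHA256": "1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75",
    "SHA1": "eb5acc78a0c43b55b7e6e5a5189e6e98b7e812da",
    "MD5": "efb5c47eabb4a0f02e9bf2cabc1c98a7",
}

# Assumption: parents that legitimately launch vbc.exe in a developer estate.
# Anything else spawning the VB.NET compiler is flagged; tune to your environment.
BENIGN_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split the 'ip:port' string from the extracted config and validate both parts."""
    host, sep, port_str = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ip = ipaddress.ip_address(host.strip("[]"))  # raises ValueError on garbage
    port = int(port_str)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


def parse_hashes(field: str) -> Dict[str, str]:
    """Sysmon 'Hashes' field 'SHA256=...,MD5=...' -> {'SHA256': ..., 'MD5': ...} (lowercased)."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (accepts either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict) -> List[str]:
    """Return the findings for one Sysmon-style event (empty list = nothing of interest)."""
    findings: List[str] = []
    if ev.get("EventID") == 1:
        image = basename(ev.get("Image", ""))
        parent = basename(ev.get("ParentImage", ""))
        if image == "vbc.exe" and parent not in BENIGN_VBC_PARENTS:
            findings.append(f"vbc.exe launched by non-build-tool parent {parent}")
        hashes = parse_hashes(ev.get("Hashes", ""))
        for algo, value in REPORT_HASHES.items():
            if hashes.get(algo) == value:
                findings.append(f"image {algo} matches report sample")
                break
    elif ev.get("EventID") == 3:
        c2_ip, c2_port = parse_c2(C2)
        if ev.get("DestinationIp") == c2_ip and int(ev.get("DestinationPort", -1)) == c2_port:
            findings.append(f"outbound connection to RedLine C2 {C2}")
    return findings


def scan(jsonl: str) -> List[Tuple[int, str]]:
    """Run check_event over JSON-lines input; return (line number, finding) pairs."""
    results: List[Tuple[int, str]] = []
    for n, line in enumerate(jsonl.splitlines(), 1):
        if line.strip():
            for finding in check_event(json.loads(line)):
                results.append((n, finding))
    return results


# Constructed sample log (not real telemetry). Line 1: the sample starts; line 2: it spawns
# vbc.exe; line 3: vbc.exe connects to the C2; line 4: a benign vbc.exe launch from MSBuild.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75.exe", "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "SHA256=1CF71AE51A11AB38CA05FBCF73F3C890FA81DC1E5D168C9DB3576FCF02739A75,MD5=EFB5C47EABB4A0F02E9BF2CABC1C98A7"}
{"EventID": 1, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "ParentImage": "C:\\Users\\Admin\\AppData\\Local\\Temp\\1cf71ae51a11ab38ca05fbcf73f3c890fa81dc1e5d168c9db3576fcf02739a75.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "DestinationIp": "193.106.191.138", "DestinationPort": 32796}
{"EventID": 1, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "ParentImage": "C:\\Program Files\\MSBuild\\MSBuild.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
""".strip()

if __name__ == "__main__":
    for line_no, finding in scan(SAMPLE_LOG):
        print(f"line {line_no}: {finding}")
```

Running it flags lines 1 to 3 and stays silent on the MSBuild-spawned compiler on line 4. The SetThreadContext signature has no direct equivalent in process or network telemetry; it comes from API-level sandbox tracing, so on an endpoint the vbc.exe parent/child anomaly is the observable stand-in for the injection stage.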