General
-
Target
1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
-
Size
239KB
-
Sample
221205-3lxtyabf51
-
MD5
8fa36c69a0face26443a005a1659edab
-
SHA1
f6c9f7bac5ec00d2f80f4c080af4aa02d6413c51
-
SHA256
1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
-
SHA512
a73f73016963d1e6227b405f95c7866d7e5908d4b7ff7cee93f92b7281be998474cec24671520e31ac0690c55a6f6894340051ddc77181debf29e02e101d5f05
-
SSDEEP
3072:fx+Igbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcLmrxO:fx+IgWg5Kq+PwQoHp0DoK2KJSTfqrhmM
Static task
static1
Behavioral task
behavioral1
Sample
1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
-
auth_value
54c79ce081122137049ee07c0a2f38ab
Targets
-
-
Target
1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
-
Size
239KB
-
MD5
8fa36c69a0face26443a005a1659edab
-
SHA1
f6c9f7bac5ec00d2f80f4c080af4aa02d6413c51
-
SHA256
1fd4b3b9a54e45324b05299e9c5b4e899781a30bb5c15df198863050665d0855
-
SHA512
a73f73016963d1e6227b405f95c7866d7e5908d4b7ff7cee93f92b7281be998474cec24671520e31ac0690c55a6f6894340051ddc77181debf29e02e101d5f05
-
SSDEEP
3072:fx+Igbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcLmrxO:fx+IgWg5Kq+PwQoHp0DoK2KJSTfqrhmM
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-