General

Target: a09d8d344d613574daa5fde816e909ce00226f245a759d96eeb5044ed885d6fe
Size: 235KB
Sample: 221205-rxyptshe49
MD5: 7487778d076bd347fb88d082c7aa4944
SHA1: a3c9e1f48ebab805bbe3ff18873d87127a28104c
SHA256: a09d8d344d613574daa5fde816e909ce00226f245a759d96eeb5044ed885d6fe
SHA512: 78445bc2104c548f308955a580d4241ee5d89e11672148ee5901f5fdb49cf50108a834563ca66f8f7f0c7c3034990a9f360c44b0a301686e013dd193d015e296
SSDEEP: 6144:p+lYNxsOWg5Kq+PwQoHp0DoK2KJSTfqrhm6:p+lYzvAeQR2KJqfqrhm6
Static task: static1
Behavioral task: behavioral1
Sample: a09d8d344d613574daa5fde816e909ce00226f245a759d96eeb5044ed885d6fe.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted
Family: redline
Botnet: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets

Target: a09d8d344d613574daa5fde816e909ce00226f245a759d96eeb5044ed885d6fe
Size: 235KB
MD5: 7487778d076bd347fb88d082c7aa4944
SHA1: a3c9e1f48ebab805bbe3ff18873d87127a28104c
SHA256: a09d8d344d613574daa5fde816e909ce00226f245a759d96eeb5044ed885d6fe
SHA512: 78445bc2104c548f308955a580d4241ee5d89e11672148ee5901f5fdb49cf50108a834563ca66f8f7f0c7c3034990a9f360c44b0a301686e013dd193d015e296
SSDEEP: 6144:p+lYNxsOWg5Kq+PwQoHp0DoK2KJSTfqrhm6:p+lYzvAeQR2KJqfqrhm6
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Uses the VBS compiler for execution (the sandbox flags a launch of vbc.exe, the .NET Visual Basic compiler; a compiler process started with nothing to compile is a common host for injected code)
- Suspicious use of SetThreadContext (the API that redirects an existing, typically suspended, thread to new code; it is rarely called by legitimate software but is the core step of process hollowing and thread hijacking, so seen next to the signature above it points at injection into a helper process)
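To make the report's indicators actionable, the following Python is an added example (not part of the sandbox report or of any RedLine tooling) that turns the hashes and the extracted C2 into checks a responder can run against local evidence. The hashes, C2 address and auth_value are copied from the report above; the log lines and the sample bytes used for demonstration are constructed and do not come from the page.

```python
"""Match the indicators from the sandbox report above against local evidence.

Added example, not part of the original report. Hashes, C2 and auth_value are
copied from the report; log lines and test bytes below are constructed.
"""
from __future__ import annotations

import hashlib
import re

# Indicators copied verbatim from the report above.
REPORT_IOCS = {
    "md5": "7487778d076bd347fb88d082c7aa4944",
    "sha1": "a3c9e1f48ebab805bbe3ff18873d87127a28104c",
    "sha256": "a09d8d344d613574daa5fde816e909ce00226f245a759d96eeb5044ed885d6fe",
    "c2": "193.106.191.138:32796",
    "auth_value": "54c79ce081122137049ee07c0a2f38ab",
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the report's 'host:port' C2 string into host and integer port."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


def digest_all(data: bytes) -> dict[str, str]:
    """Compute the three digests the report lists for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_matches(data: bytes, iocs: dict[str, str] = REPORT_IOCS) -> list[str]:
    """Return the digest algorithms under which `data` equals the indicators.

    All three are compared so that a mistyped or truncated single hash in a
    copied IOC list still leaves the other two to match on.
    """
    digests = digest_all(data)
    return [a for a in ("md5", "sha1", "sha256") if digests[a] == iocs[a]]


# Constructed firewall-style log lines (not from the report). The second line
# is a full C2 match; the third shares the host but not the port.
SAMPLE_LOG = """\
2022-12-05T10:14:02Z src=10.0.0.23:51234 dst=142.250.74.78:443 proto=tcp
2022-12-05T10:14:09Z src=10.0.0.23:51240 dst=193.106.191.138:32796 proto=tcp
2022-12-05T10:14:11Z src=10.0.0.23:51241 dst=193.106.191.138:443 proto=tcp
"""

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst_host>[\d.]+):(?P<dst_port>\d+)")


def c2_hits(log_text: str, iocs: dict[str, str] = REPORT_IOCS) -> list[tuple[str, str]]:
    """Find connections to the report's C2.

    Returns (source, strength) pairs: 'exact' when host and port both match the
    extracted config, 'host-only' when only the host matches. A host-only hit is
    weaker evidence (ports rotate, IPs get shared) but still worth triaging.
    """
    host, port = parse_c2(iocs["c2"])
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dst_host") != host:
            continue
        strength = "exact" if int(m.group("dst_port")) == port else "host-only"
        hits.append((m.group("src"), strength))
    return hits


def auth_value_present(strings_dump: str, iocs: dict[str, str] = REPORT_IOCS) -> bool:
    """Check a strings or memory dump for the extracted auth_value.

    The value is part of this sample's extracted configuration, so finding it in
    a running process's memory ties that process to this configuration even when
    the on-disk file has been deleted or repacked.
    """
    return iocs["auth_value"] in strings_dump


if __name__ == "__main__":
    print("C2 hits:", c2_hits(SAMPLE_LOG))
    print("Sample matches on:", file_matches(b"not the real sample"))
```

Run it against real exports by replacing SAMPLE_LOG with your firewall or NetFlow text and passing file bytes to file_matches; the host-only tier exists because a single host:port from one sandbox run is a narrow indicator, and a responder usually wants to see the weaker host-level matches as well before deciding what to block.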