General
Target: e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4
Size: 145KB
Sample: 221205-w4svdaha6y
MD5: 198660c5963a408de327ca380988397e
SHA1: c0df3bfd3d5230bcb57913f9e17398ea23e20572
SHA256: d5d6c066ef44f41d96a1de2d6090c5a66b955eb9242ba71b6e44972541d96bd7
SHA512: 4d455b555e502786e84c04d398e7481941eb94ed9a46d71f42c85ef9d004a52f7152957e596b52e097a7eb53ad2aa3bd0c947435464f34133d591a94d36bd92f
SSDEEP: 3072:LzjoQXcMPhNCjiljhBNiJLLcMCEosy6QdZuf3r9K4l0fY:LzjoQXrPhNYilNBNvMCE37Yqo4ug
Static task: static1
Behavioral task: behavioral1
  Sample: e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4
Size: 235KB
MD5: a5e8ed73ce62bac965db83c132c38efa
SHA1: ae0c9bde239412faa23ab2b7d2e57c582fda98be
SHA256: e03d91f51a1d53b2bf6a2e08499c93948f59a0136b2fb07b0caae365302367c4
SHA512: c8346d724216a63c9c8ac1261dda488ed5e7e40660fd707d54a70442d1b2529225e254178846c790defddfd0ce7aafd00ad9bba772227bc7d0a18f1d65278dcb
SSDEEP: 6144:t+lYNxCOWg5Kq+PwQoHp0DoK2KJSTfqrhmY:t+lYzNAeQR2KJqfqrhmY
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Uses the VBS compiler for execution
Suspicious use of SetThreadContext