General
Target: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
Size: 239KB
Sample: 221205-xcn8jshg9t
MD5: bc2f3e2864833b29a8e144f5450bdce5
SHA1: d99c03bee4cc8c117c8bd24a143aeefed771bed6
SHA256: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
SHA512: eb17a5bd9cbdd045cebca3a50abd9db020ad06f22f1d50b74581c5327bc0d1655109065a202e5521ccee88d6bc0fe8c11c616d8444434acb4856aec271cc3507
SSDEEP: 3072:ox+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcrm7xO:ox+2gWg5Kq+PwQoHp0DoK2KJSTfqrhm8

Static task: static1

Behavioral task: behavioral1
Sample: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5.exe
Resource: win10v2004-20221111-en

Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab

Targets
Target: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
Size: 239KB
MD5: bc2f3e2864833b29a8e144f5450bdce5
SHA1: d99c03bee4cc8c117c8bd24a143aeefed771bed6
SHA256: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
SHA512: eb17a5bd9cbdd045cebca3a50abd9db020ad06f22f1d50b74581c5327bc0d1655109065a202e5521ccee88d6bc0fe8c11c616d8444434acb4856aec271cc3507
SSDEEP: 3072:ox+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcrm7xO:ox+2gWg5Kq+PwQoHp0DoK2KJSTfqrhm8
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Uses the VBS compiler for execution
Suspicious use of SetThreadContext