General
Target: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
Size: 146KB
Sample: 221205-xhpfhafc35
MD5: 7340f659fb21245f4ea5d1853e1f7fb8
SHA1: e2ce84d113b51bb3719198d30008fa6665d4f881
SHA256: c2cd67ea2665458ceb874f9dc38fc27130fa337f9a15390da6a08197a4662108
SHA512: 5a813787924442af0f0477b620aae330496c3fab43c2d782c4cfafaf59a589a291b72602119a079f176f0fa0d83a8bdd8f4207d201aea5238ff0b7094c0f19c0
SSDEEP: 3072:/XpK87pgxw2tQqyJU8X4a57Ygri5qWoqcE7WyR6ZjO2nnxcSv:/XMDDnkU64alri5qWkHQNSv
Static task: static1

Behavioral task: behavioral1
Sample: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
@P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
Size: 239KB
MD5: bc2f3e2864833b29a8e144f5450bdce5
SHA1: d99c03bee4cc8c117c8bd24a143aeefed771bed6
SHA256: da942747310d667880bef3d46ba2e41e7133398af7e849015c2743e3d35e09f5
SHA512: eb17a5bd9cbdd045cebca3a50abd9db020ad06f22f1d50b74581c5327bc0d1655109065a202e5521ccee88d6bc0fe8c11c616d8444434acb4856aec271cc3507
SSDEEP: 3072:ox+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcrm7xO:ox+2gWg5Kq+PwQoHp0DoK2KJSTfqrhm8
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext