General
Target: de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
Size: 239KB
Sample: 221206-abj6wada3x
MD5: e78d8a619f24e1f5d332a16bb556c70a
SHA1: 4f1d3998793dbd772dde0394e4c75d92abe7f6e6
SHA256: de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
SHA512: a76e905c639fe2633f6a315f617d3b5e38246d73a95fa19899b196d811485a96c434f2694003eaf1b28a8c9d81923d2c2419bb0a5859bb3edbef6b25aa6e52d1
SSDEEP: 3072:8x+Qgbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcHmwxO:8x+QgWg5Kq+PwQoHp0DoK2KJSTfqrhmz
Static task: static1
Behavioral task: behavioral1
Sample: de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: de2dd32cbaf5684c416ec5b2b7b01b1f2484298523ce4afb1f2d91fa0f77a8b1
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext