General
Target: 562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9
Size: 239KB
Sample: 221206-b79l3sag7z
MD5: 7c15b1a5ffca6ae48c44790b73fdddc1
SHA1: a908943457c6006e631e46854114f32d75a24e30
SHA256: 562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9
SHA512: c607f869c68203e80cee54bcec42bd40911ab9ed44139201783a0def431026b2c3000b84790e3c8793d6555736da1552071bfc79a4c7602096fb0c1860726760
SSDEEP: 3072:Zx+0gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATccmuxO:Zx+0gWg5Kq+PwQoHp0DoK2KJSTfqrhmW
Static task: static1
Behavioral task: behavioral1
Sample: 562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted family: redline
Botnet: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: 562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9
Size: 239KB
MD5: 7c15b1a5ffca6ae48c44790b73fdddc1
SHA1: a908943457c6006e631e46854114f32d75a24e30
SHA256: 562f06e1f2928a80082238b7bcfdbeb112dd96c4746617176d6a436c57bf05a9
SHA512: c607f869c68203e80cee54bcec42bd40911ab9ed44139201783a0def431026b2c3000b84790e3c8793d6555736da1552071bfc79a4c7602096fb0c1860726760
SSDEEP: 3072:Zx+0gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATccmuxO:Zx+0gWg5Kq+PwQoHp0DoK2KJSTfqrhmW
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext