General

Target: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
Size: 239KB
Sample: 221206-bebjksga9z
MD5: d41cf20a6dfdce872e1fc78b554d4e63
SHA1: 055c4e9b8ec14cb08532a3389c3f7539ceb983d9
SHA256: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
SHA512: fb9600518aab4c68064a658f46f7424e4fc4686e458f9937192bf9bb2bb17c37826b69cf6dea4739facd7a8a1bfde8ba818d813fcccdd912886ff88a3bf3ea14
SSDEEP: 3072:ix+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcRm9xO:ix+2gWg5Kq+PwQoHp0DoK2KJSTfqrhmQ
Static task: static1
Behavioral task: behavioral1
Sample: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted family: redline
Botnet: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
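As an added example (not part of the sandbox report or of any tool's own code), the following Python turns the hashes and the extracted RedLine config above into checks an analyst can run locally: confirming that a file on hand is the reported sample, flagging connections to the extracted C2 in a connection log, and spotting the config values in a strings dump or decrypted config blob. The log line format, every IP other than the C2, and the function names are assumptions; the log lines are constructed for the example.

```python
import hashlib
import re

# Indicators copied from the report on this page.
REDLINE_IOCS = {
    "md5": "d41cf20a6dfdce872e1fc78b554d4e63",
    "sha1": "055c4e9b8ec14cb08532a3389c3f7539ceb983d9",
    "sha256": "b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28",
    "c2_ip": "193.106.191.138",
    "c2_port": 32796,
    "botnet": "@P1",
    "auth_value": "54c79ce081122137049ee07c0a2f38ab",
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def is_reported_sample(digests: dict) -> bool:
    """True if the sha256, sha1 or md5 of a file matches the report's sample."""
    return any(digests.get(a) == REDLINE_IOCS[a] for a in ("sha256", "sha1", "md5"))


# Constructed connection-log lines (assumed "ts src:port -> dst:port proto" format).
# 203.0.113.10 and 198.51.100.7 are documentation addresses, not real infrastructure.
SAMPLE_CONN_LOG = """\
2022-12-06T14:02:11Z 10.0.0.23:51422 -> 193.106.191.138:32796 tcp
2022-12-06T14:02:12Z 10.0.0.23:51423 -> 203.0.113.10:443 tcp
2022-12-06T14:05:40Z 10.0.0.45:60011 -> 193.106.191.138:443 tcp
2022-12-06T14:06:02Z 10.0.0.45:60012 -> 198.51.100.7:32796 tcp
"""

CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s*$"
)


def find_c2_connections(log_text: str) -> list:
    """Return (timestamp, src, severity) for lines whose destination is the C2 IP.

    An exact ip:port match is 'high'. The same IP on another port is 'medium' so
    it still surfaces for review; a matching port on an unrelated IP is ignored,
    since the port number alone is not an indicator.
    """
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue  # lines that do not fit the assumed format are skipped
        if m["dst"] != REDLINE_IOCS["c2_ip"]:
            continue
        severity = "high" if int(m["dport"]) == REDLINE_IOCS["c2_port"] else "medium"
        hits.append((m["ts"], m["src"], severity))
    return hits


def config_markers_in(text: str) -> set:
    """Names of the report's config fields whose literal value occurs in text,
    e.g. a strings dump of a memory region or a decrypted config blob."""
    markers = {
        "c2": f'{REDLINE_IOCS["c2_ip"]}:{REDLINE_IOCS["c2_port"]}',
        "botnet": REDLINE_IOCS["botnet"],
        "auth_value": REDLINE_IOCS["auth_value"],
    }
    return {name for name, value in markers.items() if value in text}


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print("sample?", is_reported_sample(hash_bytes(b"constructed, not the sample")))
```

Run against the constructed log, the first and third lines are reported (exact C2 match and same IP on port 443); the fourth line shares only the port and is ignored. To check a real file, read its bytes and pass them through hash_bytes before calling is_reported_sample.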
Targets

Target: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28 (239KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext (a common process-injection indicator)