General
Target: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
Size: 146KB
Sample: 221206-bzpa6sfc76
MD5: f99292cdca37b094f00a1d4923b11efe
SHA1: c5f05e83bc5f5fd291b77a3694bbb0f014e84917
SHA256: d288a7fd07191acb917c5e46a9e2544aa72e164b07f9e9c169d080f0e391824c
SHA512: 1f874b7b63f1d69d8e74135bddefd1a2d33b45e76b940eca4f99e541bde52e06c5db0d67a0a57a24144ae75d75be80ae14fa153c0d9d61000f36f8659d43a714
SSDEEP: 3072:TnOYsTjKU+1wVzMmY4ah4+P8XinDd3rhpRGPyuEJbCI:yYQ01Nh4uUylpCI
Static task: static1
Behavioral task: behavioral1
  Sample: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: redline
Botnet ID: @P1
C2: 193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
Size: 239KB
MD5: d41cf20a6dfdce872e1fc78b554d4e63
SHA1: 055c4e9b8ec14cb08532a3389c3f7539ceb983d9
SHA256: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
SHA512: fb9600518aab4c68064a658f46f7424e4fc4686e458f9937192bf9bb2bb17c37826b69cf6dea4739facd7a8a1bfde8ba818d813fcccdd912886ff88a3bf3ea14
SSDEEP: 3072:ix+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcRm9xO:ix+2gWg5Kq+PwQoHp0DoK2KJSTfqrhmQ
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Uses the VBS compiler for execution
Suspicious use of SetThreadContext