General
- Target: a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
- Size: 239KB
- Sample: 221206-cjebpsbc6x
- MD5: f53740a0a41ab68520c565b0d7d37037
- SHA1: a123c999491f11846753f964488904d7c6e986fa
- SHA256: a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
- SHA512: 672b4c7fcead98adccb13e26a9c1f2cbde741872a834bd42ec41810331ef0e2f69a21784df887b8eea81fb1966957a427ab6a334811ce3b39b0175e4b6762a3a
- SSDEEP: 3072:Vx+4gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATc1m/xO:Vx+4gWg5Kq+PwQoHp0DoK2KJSTfqrhmq
Static task: static1
Behavioral task: behavioral1
- Sample: a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
- auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
- Target: a13d81c5ad0ad93414a6424b001fe7bc037bacc9441ce8a554caf85e500633ec
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext