General
Target: c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788
Size: 131KB
Sample: 221206-dhtknscc5w
MD5: 2e1651be4a756ad7a4ab2e8408ada4d3
SHA1: f5ca89d62de7b24c4af8ba6dd9e867517e6d91fc
SHA256: 755c38846a19518c0aae07f728e967c4117e6347028b88971a8fc320b5039cfe
SHA512: a90db99ac4b24078c59064e2f4a5d396706dee75afa023d5f7718e5f47ab8df679ee32b53d99f70e68c0b0353ddfe5c774719a160fd720903f8de9a2dce6110c
SSDEEP: 3072:rDShwquRxButYEOoAzyyjaQCIvBLm3me0Jt:H2cBSYEOTzyyjKEBLifm
Static task: static1
Behavioral task: behavioral1
  Sample: c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
@2023
79.137.192.28:20723
auth_value: 93b4b7d0dc8e9415e261a402587c6710
Targets
Target: c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788
Size: 277KB
MD5: 68ea97a6369144650688c2110b4b3795
SHA1: 931416ef15cb3b3cd564977aea4305a94265a9d1
SHA256: c094276a519d7f652f230b5a46a755f9bdcf44d52dcb6c02d5f8bb095f658788
SHA512: c80edb56f18706a247d04357591d382461a26467ba31897e2653c0c7756c0d7a98cd05c9bd4cad5ec0e1827c6744ecff57c33ea2299f886db74193b4f584dac7
SSDEEP: 3072:FLjOlXj0I/hH3RvM+4UU5i7SVx/n8p+izFgTWe+kxO:FLSlXj0I/4nFzP8p+8
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Uses the VBS compiler for execution
Suspicious use of SetThreadContext