General
-
Target
7ba979859d722641315c12092cbc726b.exe
-
Size
235KB
-
Sample
221206-hqx1aadd39
-
MD5
7ba979859d722641315c12092cbc726b
-
SHA1
51a56513957c52d90008a159318604a43eec1334
-
SHA256
f22497436cc7e0f76e35c44966bb4648a88870e2c9136e7f1e872eadcee5d4ec
-
SHA512
d1eac236c98516eed65707e20902750ed2bbcd7e831cd4f5ba861cf1025f8f8d760bc960fdd68359280114c9c3295d91bccd58709fbb60e46d200f86841620a0
-
SSDEEP
6144:++lYNx2OWg5Kq+PwQoHp0DoK2KJSTfqrhmb:++lYzRAeQR2KJqfqrhmb
Static task
static1
Behavioral task
behavioral1
Sample
7ba979859d722641315c12092cbc726b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7ba979859d722641315c12092cbc726b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@P1
193.106.191.138:32796
-
auth_value
54c79ce081122137049ee07c0a2f38ab
Targets
-
-
Target
7ba979859d722641315c12092cbc726b.exe
-
Size
235KB
-
MD5
7ba979859d722641315c12092cbc726b
-
SHA1
51a56513957c52d90008a159318604a43eec1334
-
SHA256
f22497436cc7e0f76e35c44966bb4648a88870e2c9136e7f1e872eadcee5d4ec
-
SHA512
d1eac236c98516eed65707e20902750ed2bbcd7e831cd4f5ba861cf1025f8f8d760bc960fdd68359280114c9c3295d91bccd58709fbb60e46d200f86841620a0
-
SSDEEP
6144:++lYNx2OWg5Kq+PwQoHp0DoK2KJSTfqrhmb:++lYzRAeQR2KJqfqrhmb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-