General
Target: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
Size: 146KB
Sample: 221206-z4q8bsdh66
MD5: 1a5367908b7ce9417920f763b3e5c163
SHA1: 10110ee73034a15373f0b4980e089359fc44aced
SHA256: bae9a116017a1c965a90e5bccf2dfc2a8352ae4569b347d9c8aa63542e44a16a
SHA512: d5d72c0d94a5ee0b3dea222f8b7ca3a1c43fdd0f7dbb4b568568729c41b21d006824c81686e20887e990be92fa71ce95e85d5aba90d49162184245e74d19c6e3
SSDEEP: 3072:3nOYsTjKU+1wVzMmY4ah4+P8XinDd3rhpRGPyuEJbCg:+YQ01Nh4uUylpCg
Static task: static1
Behavioral task: behavioral1
  Sample: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
  Family: redline
  Botnet: @P1
  C2: 193.106.191.138:32796
  Attributes: auth_value 54c79ce081122137049ee07c0a2f38ab
Targets
Target: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
Size: 239KB
MD5: d41cf20a6dfdce872e1fc78b554d4e63
SHA1: 055c4e9b8ec14cb08532a3389c3f7539ceb983d9
SHA256: b3bfe485ea2ddd13c4b34ad2a5f3a94f494fb514521e5e458117178791bd5d28
SHA512: fb9600518aab4c68064a658f46f7424e4fc4686e458f9937192bf9bb2bb17c37826b69cf6dea4739facd7a8a1bfde8ba818d813fcccdd912886ff88a3bf3ea14
SSDEEP: 3072:ix+2gbyg6H8xK/q+PwjUoHp0DCe8K/1IzKbVR4TfGRrhqZIATcRm9xO:ix+2gWg5Kq+PwQoHp0DoK2KJSTfqrhmQ
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext