General
Target: sotema_7.txt.exe
Size: 380KB
Sample: 230122-28kbpaab52
MD5: b0486bfc2e579b49b0cacee12c52469c
SHA1: ac6eb40cc66eddd0589eb940e6a6ce06b00c7d30
SHA256: 9057ba81960258a882dee4335d947f499adabfc59bfd99e2b5f56b508a01fbe2
SHA512: b7f55e346830e2a2ed99bd57bfd0cb66221675a6b0b23d35e5d7fac5eee0c3dfc771eed5fed410c2063410e048fe41765c880ebf0a48137f9135cf1d65951075
SSDEEP: 6144:Q9Sl9qalveLsj2ebm0+wc9fc3ETdsfHXfD16gmiktKpRA3Is3LeEXB:KSl9qalveYj2ebm0bc9fc3EefHXfD16F
Static task: static1
Behavioral task: behavioral1 (sample: sotema_7.txt.exe, resource: win7-20221111-en)
Behavioral task: behavioral2 (sample: sotema_7.txt.exe, resource: win10v2004-20221111-en)
Malware Config (extracted)
Family: redline
Botnet: ServAni
C2: 87.251.71.195:82
Targets
Target: sotema_7.txt.exe (380KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext