General
Target: Redline_20_2_crack.zip
Size: 17.0MB
Sample: 230129-edrqyshf72
MD5: 29c151659c2460d90adaca01a53045c4
SHA1: e1a02696511991705827352a1496861997f72e42
SHA256: 2fe936d6b25266ad008ffe359931fc537bfbc3f00774af009c2de5f3abb04e1c
SHA512: 96d1fb469f91d1a36d374aaad497362b7e11110f7ed708c24136fce5b6ae11a14a2b7aa6cdf86e5d58e8149fffb0b8512bff2f6079531eae92d8089b9b39f4ed
SSDEEP: 393216:VcPxpiFTFeTwhLN3zmLen6r0OnbNm6TMaEcqpKVtckzH:KpGFqiLZb6Q2bNm8MaEcqdU
Behavioral task: behavioral1
Sample: Redline_20_2_crack/Kurome.Builder/stub.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Redline_20_2_crack/Kurome.Builder/stub.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
  cheat
  194.145.138.85:28105
Extracted: xworm
  194.145.138.85:1604
  Iom8xb4NUaLbxykI
  install_file: USB.exe
Targets
Target: Redline_20_2_crack/Kurome.Builder/stub.dll
Size: 96KB
MD5: 625ed01fd1f2dc43b3c2492956fddc68
SHA1: 48461ef33711d0080d7c520f79a0ec540bda6254
SHA256: 6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b
SHA512: 1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665
SSDEEP: 1536:9G6ijoigzKqO1RUTBHQsu/0igR4vYVVlmbfaxv0ujXyyedOn4iwEEl:BSElHQ/ORUYos0ujyzdZl
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
RedLine payload
Executes dropped EXE
Drops startup file
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger