General
-
Target
005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.bin
-
Size
560KB
-
Sample
230311-24qb5sdf3t
-
MD5
85709b808f7848d4905050bdaff8ebc5
-
SHA1
4e763e68036b23ab0765c316a6678f406a82a0b6
-
SHA256
005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b
-
SHA512
489d1caee7303bb4c7d76de6f32249421308dfb75b13de31ed63e20ab500978bbb5aef8c5d88aa577d4cf373889778b04ee8673b3c645eec57041b8c4ffb679f
-
SSDEEP
12288:6Mrjy90dgnja1evLjX2BPHCnaaUrFfVGKT/5aXBCZMte6:1yQgnjyeH2pHCn3UrFfPaiEe6
Static task
static1
Behavioral task
behavioral1
Sample
005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
Target
005ac28c40b1cbbaecbe3f25ad0e63fda8d3f6cc0dfebc77c4b2f4f9857b8b5b.bin
-
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-