General
Target: tmp
Size: 92KB
Sample: 230328-pddt7sce6x
MD5: f0b2f2d5186ecb1df278892375e29171
SHA1: f1e2e1365ad3463a5685bd6ab8eeb581f50dd0ee
SHA256: 03ac65cbbc897a705cfa15c74bba1adc773f88db724398db12d105d19ee8ee50
SHA512: 41fa116f39afd6f4e7fc7bad821c0ce9fe0db268dab18a9e83db6ec3fe6c83099bf14f80441f0bf87a4d5590782a1ba9908d6c576d8c56e224a8c096aae07c0d
SSDEEP: 1536:EjpxRYrm0MlPJFZyMzJdNHJGQ/l3pS+2ZyxDG/ONJctGVaIsWkBcd5ApB:EjF0M9bldNrpS+2ZyxDG//UVb58B
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: https://cdn.discordapp.com/attachments/1089906964944920650/1090020680885600276/6456234.ps1
Extracted: redline
  @pepsiiiks
  37.220.87.13:48790
  auth_value: fe64d38aa6dcc1910323ccf891188b46
Targets
Target: tmp
Size: 92KB
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Blocklisted process makes network request
- Suspicious use of SetThreadContext