General
-
Target
https://mediafire.com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D.rar/file
-
Sample
230401-xjcs4abh47
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://mediafire.com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D.rar/file
Resource
win10v2004-20230220-en
windows10-2004-x64
15 signatures
150 seconds
Malware Config
Extracted
Family
redline
Botnet
@dxrkl0rd
C2
5.206.224.176:46989
Attributes
-
auth_value
9750c50e8073b21d538cfb6d993427dc
Targets
-
-
Target
https://mediafire.com/file_premium/2y96feq95azdc69/Script_GUI_%255B%25F0%259F%2594%2592_1515%255D.rar/file
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-