General
-
Target
ddb8175d303ed2d36480b9cd0e23b28c5afd5ecc8a8950ae8c453c20668c2bef
-
Size
891KB
-
Sample
230507-je2d1aef29
-
MD5
6a02ee6def7faffa88444d2cb0173ec6
-
SHA1
45afe19afc920cb25fe4dbb4464368007a0c0bc0
-
SHA256
ddb8175d303ed2d36480b9cd0e23b28c5afd5ecc8a8950ae8c453c20668c2bef
-
SHA512
c4c209c4a8a0ef872ae3b26dfe9e8fd593c8cef35c51edd0721ec9252ad0cc4e4f76e2339bbe6b246ba4792ab09a54664a8bf689b24cd6199f5acb2a27ce1862
-
SSDEEP
24576:LyUR2V6nyhI8PJnaPwMihsCQH96ZRsKrP91CQg+hFY:+UIVeyh/PJaPwMYJdZm8l1jF
Static task
static1
Behavioral task
behavioral1
Sample
ddb8175d303ed2d36480b9cd0e23b28c5afd5ecc8a8950ae8c453c20668c2bef.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ddb8175d303ed2d36480b9cd0e23b28c5afd5ecc8a8950ae8c453c20668c2bef.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dork
185.161.248.73:4164
-
auth_value
e81be7d6cfb453cc812e1b4890eeadad
Targets
-
-
Target
ddb8175d303ed2d36480b9cd0e23b28c5afd5ecc8a8950ae8c453c20668c2bef
-
Size
891KB
-
MD5
6a02ee6def7faffa88444d2cb0173ec6
-
SHA1
45afe19afc920cb25fe4dbb4464368007a0c0bc0
-
SHA256
ddb8175d303ed2d36480b9cd0e23b28c5afd5ecc8a8950ae8c453c20668c2bef
-
SHA512
c4c209c4a8a0ef872ae3b26dfe9e8fd593c8cef35c51edd0721ec9252ad0cc4e4f76e2339bbe6b246ba4792ab09a54664a8bf689b24cd6199f5acb2a27ce1862
-
SSDEEP
24576:LyUR2V6nyhI8PJnaPwMihsCQH96ZRsKrP91CQg+hFY:+UIVeyh/PJaPwMYJdZm8l1jF
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-