General

Target: c0de7eb3dfe137c77d7853f5b355a6618aaff6384add3bbd2572837a5eeb6d51
Size: 751KB
Sample: 230608-gltlmadc9x
MD5: cd391ae6cf5be9f921ed4a0c166335c9
SHA1: 1c2197b78afdcc751834b6cd37c0f939da2ba806
SHA256: c0de7eb3dfe137c77d7853f5b355a6618aaff6384add3bbd2572837a5eeb6d51
SHA512: aa420c6412cd9db751f7034e18439b5ed0f4d3b94c7e5d16499ffc16b30eb22b683a4149e5cb375e04c154fea550e33e3c3af5439bb89bb1ed5941e0c64ab9fb
SSDEEP: 12288:aMrzy90CDWV9G9QJ3Smxf3foMueGYLJ0/iQ1XTPbx216LaY1RbmNo5HjBH:Ry95OJhN7ueGY10/i8XU6OYnm2HJ
Static task: static1
Behavioral task: behavioral1
Sample: c0de7eb3dfe137c77d7853f5b355a6618aaff6384add3bbd2572837a5eeb6d51.exe
Resource: win10v2004-20230220-en
Malware Config (extracted from the sample)

Family: redline
Botnet ID: diza
C2: 83.97.73.129:19068
auth_value: 0d09b419c8bc967f91c68be4a17e92ee

The C2 address and port above come from the configuration recovered from the sample itself, so they are the highest-confidence network indicator in this report; the botnet ID and auth_value are the campaign identifiers the stealer sends when it checks in.
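The indicators above (file hashes, the extracted C2 endpoint, and the Run-key persistence flagged under Targets) are only useful once they are turned into a check. The following script is an added example, not part of the sandbox report or of any RedLine tooling: it hashes a file and compares it with the report, scans connection-log lines for traffic to the extracted C2, and scans Sysmon-style registry events for writes under a Run key. The log and event lines embedded in it are constructed for illustration, and the `key=value` field names (`dst`, `dport`, `EventID`, `TargetObject`, `Details`) are an assumed log schema that you would adapt to your own sources.

```python
"""Triage helper built from the indicators in the RedLine report above (added example)."""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report (sample 230608-gltlmadc9x).
SAMPLE_HASHES = {
    "md5": "cd391ae6cf5be9f921ed4a0c166335c9",
    "sha1": "1c2197b78afdcc751834b6cd37c0f939da2ba806",
    "sha256": "c0de7eb3dfe137c77d7853f5b355a6618aaff6384add3bbd2572837a5eeb6d51",
    "sha512": "aa420c6412cd9db751f7034e18439b5ed0f4d3b94c7e5d16499ffc16b30eb22b"
              "683a4149e5cb375e04c154fea550e33e3c3af5439bb89bb1ed5941e0c64ab9fb",
}
C2_HOST = "83.97.73.129"
C2_PORT = 19068

# Autostart location the report's "Adds Run key" signature refers to.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so any one of them can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_report(hashes: dict) -> set:
    """Return the names of the algorithms whose digest equals the report's value."""
    return {name for name, value in hashes.items()
            if SAMPLE_HASHES.get(name) == value.lower()}


def scan_file(path) -> set:
    """Hash a file on disk and report which of the sample's digests it matches."""
    return matches_report(hash_bytes(Path(path).read_bytes()))


def parse_kv(line: str) -> dict:
    """Parse 'key=value' tokens (assumed log schema; values must not contain spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def is_c2_connection(line: str) -> bool:
    """True when the line's destination is the extracted C2 host on the extracted port.

    Accepts either 'dst=HOST:PORT' or 'dst=HOST dport=PORT'. The port is matched
    strictly because the config names exactly one endpoint; a hit on the host alone
    is still worth a look but is not reported here.
    """
    fields = parse_kv(line)
    host, _, port = fields.get("dst", "").partition(":")
    port = port or fields.get("dport", "")
    return host == C2_HOST and port == str(C2_PORT)


def find_run_key_writes(events) -> list:
    """Return (key, value) pairs for Sysmon EventID 13 (value set) under a Run key."""
    hits = []
    for line in events:
        fields = parse_kv(line)
        if fields.get("EventID") == "13" and RUN_KEY_RE.search(fields.get("TargetObject", "")):
            hits.append((fields["TargetObject"], fields.get("Details", "")))
    return hits


# Constructed sample input: one benign flow, one hit on the C2, one same-host/other-port flow.
NETFLOW_LINES = [
    "ts=2023-06-08T10:01:11Z src=10.0.0.15 dst=142.250.74.46:443 proto=tcp",
    "ts=2023-06-08T10:01:19Z src=10.0.0.15 dst=83.97.73.129:19068 proto=tcp",
    "ts=2023-06-08T10:02:03Z src=10.0.0.22 dst=83.97.73.129 dport=443 proto=tcp",
]

# Constructed sample input in a Sysmon-like shape: a Run value set, a service key write,
# and a Run key creation event (EventID 12) that carries no value and is ignored.
REGISTRY_EVENTS = [
    r"EventID=13 TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinSvc Details=C:\Users\alice\AppData\Roaming\WinSvc.exe",
    r"EventID=13 TargetObject=HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain Details=corp.local",
    r"EventID=12 TargetObject=HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
]


if __name__ == "__main__":
    for line in NETFLOW_LINES:
        if is_c2_connection(line):
            print("C2 contact:", line)
    for key, value in find_run_key_writes(REGISTRY_EVENTS):
        print("Run-key persistence:", key, "->", value)
    for path in Path(".").glob("*.exe"):
        hit = scan_file(path)
        if hit:
            print("Sample match on", path, "via", sorted(hit))
```

Comparing all four digests rather than just SHA256 lets the script confirm a hit from whichever hash a third-party feed or ticket happens to quote; SSDEEP is deliberately left out because fuzzy-hash comparison needs the `ssdeep` library and a similarity threshold, not equality.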
Targets

Target: c0de7eb3dfe137c77d7853f5b355a6618aaff6384add3bbd2572837a5eeb6d51 (751KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Family: RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE (the sample writes a second executable to disk and runs it)
- Adds Run key to start application (persistence via a Run key under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion)
- Suspicious use of SetThreadContext (the API commonly used to redirect a suspended thread into injected code, as in process hollowing)