General
Target: 17c9df17ba5488cf86abd5ac65bfc3da95db6daaa3eb62c88b22b52416ba8e52
Size: 751KB
Sample: 230608-gqn7pscg89
MD5: bc9823fb6d6d8e0773f5b1aa50fd4cfa
SHA1: d3b2247e62e3d75bde2695f8120fbdfafa448d20
SHA256: 17c9df17ba5488cf86abd5ac65bfc3da95db6daaa3eb62c88b22b52416ba8e52
SHA512: 37164991ade87dd117b1d97a70a47d5723d2a68e333b83128aa51c02e6d487933c2867c988ce4d0a7aa60ea858533dc89786ba13ea0db4621012c83d9975a267
SSDEEP: 12288:pMrBy909I3/RM2jH/z2aAEbhVBfeUhiPxR2Hy4NN6KnzCeGaFIS8:cy6CvqarhVxeeWxR+pnzRNFIS8
Static task: static1
Behavioral task: behavioral1
Sample: 17c9df17ba5488cf86abd5ac65bfc3da95db6daaa3eb62c88b22b52416ba8e52.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: diza
C2: 83.97.73.129:19068
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: 17c9df17ba5488cf86abd5ac65bfc3da95db6daaa3eb62c88b22b52416ba8e52
Size: 751KB
MD5: bc9823fb6d6d8e0773f5b1aa50fd4cfa
SHA1: d3b2247e62e3d75bde2695f8120fbdfafa448d20
SHA256: 17c9df17ba5488cf86abd5ac65bfc3da95db6daaa3eb62c88b22b52416ba8e52
SHA512: 37164991ade87dd117b1d97a70a47d5723d2a68e333b83128aa51c02e6d487933c2867c988ce4d0a7aa60ea858533dc89786ba13ea0db4621012c83d9975a267
SSDEEP: 12288:pMrBy909I3/RM2jH/z2aAEbhVBfeUhiPxR2Hy4NN6KnzCeGaFIS8:cy6CvqarhVxeeWxR+pnzRNFIS8
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext