General

Target: 56d491a801475e9b14ae38bdc4fea972e551e05c53781d24dbecf416d9d2d3ad
Size: 752KB
Sample: 230608-gstj7sdd6x
MD5: 45f56db7f5e5f8832d5984fc49d4185a
SHA1: 0a881cbcb85e923bd492902b29a6a6fd70bae76a
SHA256: 56d491a801475e9b14ae38bdc4fea972e551e05c53781d24dbecf416d9d2d3ad
SHA512: f7fb9355bb78732a659cb4171ef1df2808a875f79eda621cfaeb3778e7822572fa393e20dc88fdbc00b08ca9e0e1cc1e40734f2536840c6e789cdc04eca50c67
SSDEEP: 12288:DMrVy90h3Hfm6OBvO2BA/EbBOzmx5juEOCNfkLAOkhBqf1sw4DrA:Kyo3HfmjdOrmeEOIfSlknqf1rGA
Static task: static1
Behavioral task: behavioral1
Sample: 56d491a801475e9b14ae38bdc4fea972e551e05c53781d24dbecf416d9d2d3ad.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted family: redline
Botnet (build ID): diza
C2: 83.97.73.129:19068
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets

Target: 56d491a801475e9b14ae38bdc4fea972e551e05c53781d24dbecf416d9d2d3ad
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application (persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (rewriting the thread context of another process, the pattern used by process hollowing; the report does not record which process was targeted)
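The indicators above (the C2 endpoint, the sample's hashes, and the Run-key persistence signature) are only useful once they are matched against host telemetry. The script below is an added example, not sandbox output or RedLine code: it parses a few constructed key=value event lines (a hypothetical Sysmon-like schema with `event`, `pid`, `sha256`, `key`, `dst` and `dport` fields, invented for this example), flags the report's IOCs, and correlates a Run-key write with a process that also connected to the C2, which is a much stronger signal than a Run-key write on its own.

```python
"""IOC matching for the RedLine sample described in this report.

Added example, not part of the sandbox report. The event format and
the sample telemetry below are constructed for illustration; only the
indicator values are taken from the report.
"""
import re

# Indicators copied from the report above.
REDLINE_C2 = ("83.97.73.129", 19068)
SAMPLE_HASHES = {
    "45f56db7f5e5f8832d5984fc49d4185a",                                   # MD5
    "0a881cbcb85e923bd492902b29a6a6fd70bae76a",                           # SHA1
    "56d491a801475e9b14ae38bdc4fea972e551e05c53781d24dbecf416d9d2d3ad",  # SHA256
}
# "Adds Run key to start application": a value written under Run or RunOnce
# in either the per-user (HKCU) or per-machine (HKLM) hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Constructed telemetry (hypothetical paths and PIDs, not from the sandbox run).
SAMPLE_EVENTS = [
    "ts=2023-06-08T10:00:01Z event=process_create pid=4120 ppid=3311 image=C:\\Users\\user\\Downloads\\invoice.exe sha256=56D491A801475E9B14AE38BDC4FEA972E551E05C53781D24DBECF416D9D2D3AD",
    "ts=2023-06-08T10:00:03Z event=process_create pid=4168 ppid=4120 image=C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe sha256=0000000000000000000000000000000000000000000000000000000000000000",
    "ts=2023-06-08T10:00:04Z event=registry_set pid=4168 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2 data=C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "ts=2023-06-08T10:00:05Z event=network_connect pid=4168 dst=83.97.73.129 dport=19068 proto=tcp",
    "ts=2023-06-08T10:00:09Z event=network_connect pid=880 dst=83.97.73.130 dport=19068 proto=tcp",
    "ts=2023-06-08T10:00:12Z event=registry_set pid=2210 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\vendor_updater data=C:\\Program_Files\\Vendor\\updater.exe",
]


def parse_event(line):
    """Split one 'key=value key=value' line into a dict (values carry no spaces)."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def scan(lines):
    """Return IOC hits as dicts with 'rule', 'line' (1-based) and 'pid'."""
    events = [parse_event(line) for line in lines]
    hits = []
    c2_pids = set()

    # Pass 1: exact indicators (C2 endpoint, known file hashes).
    for n, ev in enumerate(events, 1):
        kind = ev.get("event")
        if kind == "network_connect" and (ev.get("dst"), int(ev.get("dport", 0))) == REDLINE_C2:
            hits.append({"rule": "redline_c2", "line": n, "pid": ev.get("pid")})
            c2_pids.add(ev.get("pid"))
        elif kind == "process_create":
            for algo in ("md5", "sha1", "sha256"):
                if ev.get(algo, "").lower() in SAMPLE_HASHES:
                    hits.append({"rule": "known_sample_hash", "line": n, "pid": ev.get("pid")})
                    break

    # Pass 2: Run-key persistence. Done after pass 1 so the C2 correlation
    # works whatever order the registry and network events arrived in.
    # A bare Run-key write is noisy (installers do it); the same PID also
    # talking to the C2 is what makes it actionable.
    for n, ev in enumerate(events, 1):
        if ev.get("event") == "registry_set" and RUN_KEY_RE.search(ev.get("key", "")):
            rule = "run_key_by_c2_process" if ev.get("pid") in c2_pids else "run_key_persistence"
            hits.append({"rule": rule, "line": n, "pid": ev.get("pid")})

    return sorted(hits, key=lambda h: h["line"])


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"line {hit['line']}: {hit['rule']} (pid {hit['pid']})")
```

PID-based correlation is only valid within one boot session on one host; in a real pipeline key it on host plus process GUID rather than the raw PID. The near-miss address 83.97.73.130 on the same port is included deliberately: matching on the exact host:port pair from the config avoids alerting on neighbouring addresses, which is the right default for a single extracted C2 until you have evidence the operator rotates within the range.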