General
-
Target
Rrobknnz-TORRENTOLD.exe
-
Size
2.3MB
-
Sample
230630-pn445sbd24
-
MD5
48545b3a32bc83046785f5ef2cacb8f7
-
SHA1
9e8cdfd6e5497c7a5b16792824fc5c9489c559b5
-
SHA256
9f8a1f56a75fcbae6a2a52fe6e74f00585e28b6aa8c02e380fb9a114d218c1d3
-
SHA512
8a6c5643f27967e2998ce93ceb57c9289ea0cf63d3d673b3f3a6b0815c3e87ac52eb7d3fab108a1d1a6bb6fbd106c43c33bde1817f697eb8301ff74f2c696aa9
-
SSDEEP
49152:/UFOFLvCJx9fOaBHeFLlpiS66XNhyuOGbZZbw7:/VFGJx9GtBpiSFNiGE7
Static task
static1
Behavioral task
behavioral1
Sample
Rrobknnz-TORRENTOLD.exe
Resource
win7-20230621-en
Behavioral task
behavioral2
Sample
Rrobknnz-TORRENTOLD.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
redline
TORRENTOLD
amrican-sport-live-stream.cc:4581
-
auth_value
74e1b58bf920611f04c0e3919954fe05
Targets
-
-
Target
Rrobknnz-TORRENTOLD.exe
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-