General

Target: bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed
Size: 1.0MB
Sample: 230922-n81rsafh6s
MD5: 436d44532ff198258bbc0b93292dd66c
SHA1: 1297812fb8fe2bb4827f8e6f0dba83fac87988d4
SHA256: bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed
SHA512: 13735ea25226f6ed904797a4888e344f13af185f6982b1fcb858441c4c5599f438ae22875f14614e8cf48c8ca760f39b6cad7a5a7eaf56b10d5d9769bb63933a
SSDEEP: 24576:FyDLoyfhL3eCRwJ0eyEZNg9o2DVXr8AUefH3r:gXoYwCi07CMoaT3

Static task: static1

Behavioral task: behavioral1
Sample: bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed.exe
Resource: win10v2004-20230915-en

Malware Config (extracted)

Family: redline
Botnet: tuxiu
C2: 77.91.124.82:19071
auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

Target: bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed
Size: 1.0MB
MD5: 436d44532ff198258bbc0b93292dd66c
SHA1: 1297812fb8fe2bb4827f8e6f0dba83fac87988d4
SHA256: bae95ea0ebe16f3f32e9632637af56124e8b3f785f62240acea9516b4a036bed
SHA512: 13735ea25226f6ed904797a4888e344f13af185f6982b1fcb858441c4c5599f438ae22875f14614e8cf48c8ca760f39b6cad7a5a7eaf56b10d5d9769bb63933a
SSDEEP: 24576:FyDLoyfhL3eCRwJ0eyEZNg9o2DVXr8AUefH3r:gXoYwCi07CMoaT3
Score: 10/10

Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext