General
-
Target
525a6876f08934e8ec0a09c7a3ea608c13ded25820af2e8849e0e6ee5623e2f5
-
Size
786KB
-
Sample
231001-nz3j1sbh53
-
MD5
e1a1a356b31e7ef5ab91c2a8269e35fd
-
SHA1
a5b8a521c5cfed82ec12a5d050c753fb7eb1daa0
-
SHA256
525a6876f08934e8ec0a09c7a3ea608c13ded25820af2e8849e0e6ee5623e2f5
-
SHA512
3009ad1f0f9db168cc752c3396c0dba655dc97f908319882f548f15059d1e41a84d98963c8ce7e57640b4ca33afcd0d0e84ce560d55eedd449b7249aa5ab7727
-
SSDEEP
12288:pMrcy90B9ZCmXOx0KRE0m/njIyg/u9OBKxThgKGSmE2WdIw2jhwf:RyMOa0m8yg/uMBNg2WdIP1wf
Static task
static1
Behavioral task
behavioral1
Sample
525a6876f08934e8ec0a09c7a3ea608c13ded25820af2e8849e0e6ee5623e2f5.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
gruha
77.91.124.55:19071
-
auth_value
2f4cf2e668a540e64775b27535cc6892
Extracted
redline
luska
77.91.124.55:19071
-
auth_value
a6797888f51a88afbfd8854a79ac9357
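Both extracted configs point at the same C2 endpoint (77.91.124.55:19071) and differ only in botnet name and auth_value, so a network blocklist should key on the host:port pair while a content rule can match either auth_value. The Python below is an added example, not part of this sandbox report or the sandbox's own config extractor: it parses the config block exactly as laid out above into records, deduplicates the C2 endpoints, and checks them against firewall connection logs. The log line format (the `dst=`/`dport=` fields) and the sample log lines are constructed for illustration; the `RedLineConfig` field names are my own.

```python
import re
from dataclasses import dataclass

# Text of the "Malware Config" section as it appears on this page.
REPORT_CONFIG_TEXT = """\
Extracted
redline
gruha
77.91.124.55:19071
-
auth_value
2f4cf2e668a540e64775b27535cc6892
Extracted
redline
luska
77.91.124.55:19071
-
auth_value
a6797888f51a88afbfd8854a79ac9357
"""

# Constructed firewall log lines in an assumed key=value format (not from the page).
# The third line reuses the C2 host on port 443 to show why matching needs the port too.
SAMPLE_LOG = [
    "2023-10-01T12:00:01Z fw1 action=allow src=10.0.0.14 dst=142.250.74.46 dport=443",
    "2023-10-01T12:00:07Z fw1 action=allow src=10.0.0.14 dst=77.91.124.55 dport=19071",
    "2023-10-01T12:00:09Z fw1 action=allow src=10.0.0.22 dst=77.91.124.55 dport=443",
    "2023-10-01T12:01:30Z fw1 action=allow src=10.0.0.14 dst=77.91.124.55 dport=19071",
]


@dataclass(frozen=True)
class RedLineConfig:
    """One extracted config; field names are this example's own, not the extractor's."""
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_configs(text):
    """Parse 'Extracted / family / botnet / host:port / - / auth_value / <hex>' blocks."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop empty lines and "-" separators
    configs = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        block = lines[i + 1:i + 6]
        if len(block) != 5 or block[3] != "auth_value":
            raise ValueError(f"unexpected config block at entry {i}: {block}")
        family, botnet, endpoint, _, value = block
        host, port = endpoint.rsplit(":", 1)
        if not re.fullmatch(r"[0-9a-f]{32}", value):
            raise ValueError(f"auth_value is not 32 hex characters: {value}")
        configs.append(RedLineConfig(family, botnet, host, int(port), value))
        i += 6
    return configs


def c2_endpoints(configs):
    """Deduplicated (host, port) pairs; the two configs above collapse to one."""
    return sorted({(c.c2_host, c.c2_port) for c in configs})


LOG_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) dport=(?P<port>\d+)\b")


def find_c2_hits(configs, log_lines):
    """Return log lines whose destination equals an extracted C2 host:port.

    Matching on host AND port keeps 77.91.124.55:443 out of the hits, which
    matters when a C2 shares an address with unrelated services.
    """
    wanted = set(c2_endpoints(configs))
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and (m["ip"], int(m["port"])) in wanted:
            hits.append(line)
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG_TEXT)
    for c in cfgs:
        print(f"{c.family} botnet={c.botnet} c2={c.c2_host}:{c.c2_port} auth_value={c.auth_value}")
    for hit in find_c2_hits(cfgs, SAMPLE_LOG):
        print("C2 hit:", hit)
```

The parser rejects a block whose fourth entry is not `auth_value` or whose token is not 32 hex characters, so a truncated or reordered copy of the report fails loudly instead of yielding a half-filled record.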
Targets
-
Target
525a6876f08934e8ec0a09c7a3ea608c13ded25820af2e8849e0e6ee5623e2f5
-
Size
786KB
-
MD5
e1a1a356b31e7ef5ab91c2a8269e35fd
-
SHA1
a5b8a521c5cfed82ec12a5d050c753fb7eb1daa0
-
SHA256
525a6876f08934e8ec0a09c7a3ea608c13ded25820af2e8849e0e6ee5623e2f5
-
SHA512
3009ad1f0f9db168cc752c3396c0dba655dc97f908319882f548f15059d1e41a84d98963c8ce7e57640b4ca33afcd0d0e84ce560d55eedd449b7249aa5ab7727
-
SSDEEP
12288:pMrcy90B9ZCmXOx0KRE0m/njIyg/u9OBKxThgKGSmE2WdIw2jhwf:RyMOa0m8yg/uMBNg2WdIP1wf
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-