General
- Target: 91a590ca5c28788a7459dbfde39dc10f7cdc71137b312ba7b9f88e708563d5d9
- Size: 1.5MB
- Sample: 231021-wct85ahf86
- MD5: 2fe48c56cc44b399c6168d3c398d21cd
- SHA1: 4eda9cb040cd371b7ad9231a7f72e9502e546d83
- SHA256: 91a590ca5c28788a7459dbfde39dc10f7cdc71137b312ba7b9f88e708563d5d9
- SHA512: 63dc1986fd8ab6be2b006d79e49cd903fbde8155dd5b36ef9980fcb83fc4ced72a63d87bcc1ed9d6811060d06d7980ee9ef74e1ef78f3776308828560b0485c2
- SSDEEP: 24576:WyaHw/yLDb5T/iouPq7g3WPgTkIlIh+bMPs6qBtLT69Q+WrcSE1WStJAx+TP+I7S:lapnNpaqkmPqC4MPpqLT6KcSE1W0Cj0B
Static task
- static1
Behavioral task
- behavioral1
- Sample: 91a590ca5c28788a7459dbfde39dc10f7cdc71137b312ba7b9f88e708563d5d9.exe
- Resource: win10-20231020-en
Malware Config
Extracted
- Family: redline
- Botnet: kolyan
- C2: 77.91.124.82:19071
Targets
- Score: 10/10
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext