Overview

overview

10

Static

static

3

NEAS.4f788...JC.exe

windows7-x64

10

NEAS.4f788...JC.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.4f7882666628287bced711bdb387d030_JC.exe

  • Size

    1.1MB

  • Sample

    231023-vhcetscf82

  • MD5

    4f7882666628287bced711bdb387d030

  • SHA1

    cfac4cadf5c76a5893e24ebe7a47f59d3b50e485

  • SHA256

    f1c4f6176bd59871c33029b055dbbf2e2d3b9fdd187b1e7a1baa7d1364a681c4

  • SHA512

    1067cb6cf1e3fccedc4a58569fd4d02207b3b805998bf9e47a76fe7f85ef9d6bff3a34d2bc7bd520c76d116ba4ed06d4f1300d1d8a4d22ce616706deabf5f7ea

  • SSDEEP

    12288:lpxBWe/ONlV8dHlwp5IvxUVdiUauPE0LkX8ajnZa6uzkut3r3G/8owBe3hn4kJ:l/ONlV8dHlwp5I5YigPE018H/1n

Score
10/10
redlinebrehainfostealer

Malware Config

Extracted

Family

redline

Botnet

breha

C2

77.91.124.55:19071

Targets

    • Target

      NEAS.4f7882666628287bced711bdb387d030_JC.exe

    • Size

      1.1MB

    • MD5

      4f7882666628287bced711bdb387d030

    • SHA1

      cfac4cadf5c76a5893e24ebe7a47f59d3b50e485

    • SHA256

      f1c4f6176bd59871c33029b055dbbf2e2d3b9fdd187b1e7a1baa7d1364a681c4

    • SHA512

      1067cb6cf1e3fccedc4a58569fd4d02207b3b805998bf9e47a76fe7f85ef9d6bff3a34d2bc7bd520c76d116ba4ed06d4f1300d1d8a4d22ce616706deabf5f7ea

    • SSDEEP

      12288:lpxBWe/ONlV8dHlwp5IvxUVdiUauPE0LkX8ajnZa6uzkut3r3G/8owBe3hn4kJ:l/ONlV8dHlwp5I5YigPE018H/1n

    Score
    10/10
    redlinebrehainfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks