General
-
Target
NEAS.b91bff2793d218fb9a34d49bf7bcbed0.exe
-
Size
1.1MB
-
Sample
231103-m8enwabc26
-
MD5
b91bff2793d218fb9a34d49bf7bcbed0
-
SHA1
00fada247acb0066b1b6b93cd7bf383deddc528b
-
SHA256
20818b31cf7934e86c9a353e27ba0e3ebd4f6d00986c0b8119e6fa30da41e4de
-
SHA512
0e03eebd8c42ca85ed4959e0d626b9e1d4f99218e0f8d110bf6ec0ce7cc4b07818742192044a91d68d40a31558ae43ff2773e283787d2e4379c3543195baebbb
-
SSDEEP
24576:Siu3GvJYfS8R+2oHZKO5bM4ZlhsOhsvAtffs:7YfS8RloH77lhsOhsvA
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.b91bff2793d218fb9a34d49bf7bcbed0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.b91bff2793d218fb9a34d49bf7bcbed0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
NEAS.b91bff2793d218fb9a34d49bf7bcbed0.exe
-
Size
1.1MB
-
MD5
b91bff2793d218fb9a34d49bf7bcbed0
-
SHA1
00fada247acb0066b1b6b93cd7bf383deddc528b
-
SHA256
20818b31cf7934e86c9a353e27ba0e3ebd4f6d00986c0b8119e6fa30da41e4de
-
SHA512
0e03eebd8c42ca85ed4959e0d626b9e1d4f99218e0f8d110bf6ec0ce7cc4b07818742192044a91d68d40a31558ae43ff2773e283787d2e4379c3543195baebbb
-
SSDEEP
24576:Siu3GvJYfS8R+2oHZKO5bM4ZlhsOhsvAtffs:7YfS8RloH77lhsOhsvA
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-