General

Target: NEAS.b36bf6f75d167df9e0429bed4d0d2e00.exe
Size: 1.1MB
Sample: 231103-q6ta2abf91
MD5: b36bf6f75d167df9e0429bed4d0d2e00
SHA1: d8e9c82704994e43010eec1f9baf716fca4da19a
SHA256: c46cf4333d80962ff00807f1c4a9370453b917adf9494b3d620637936424a57e
SHA512: 4557e4279b3d63bedff6e227387a2ba6dd6c9d8736556dd178b4ccd316458242b493a11dbb72f6375ee2c394da0a0a5e110c0d2aa825509647b832be6a23bda6
SSDEEP: 12288:3qPKpDzLL3GvJYfS8RRgzFp+BXOMsZKO5VSiVufyZyItJo4O4Eh6wl78p:kyT3GvJYfS8R+2oHZKO5TXoFxh
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.b36bf6f75d167df9e0429bed4d0d2e00.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: NEAS.b36bf6f75d167df9e0429bed4d0d2e00.exe
Resource: win10v2004-20231023-en
Malware Config

Extracted
Family: redline
Botnet: grome
C2: 77.91.124.86:19084
Targets

Target: NEAS.b36bf6f75d167df9e0429bed4d0d2e00.exe
Score: 10/10

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext