General
Target: NEAS.25e4e3112f0b65ae71bb8494373a0b20.exe
Size: 1.1MB
Sample: 231103-thwm2aed3y
MD5: 25e4e3112f0b65ae71bb8494373a0b20
SHA1: 67bc252c5fdcfe6c85eef76233b644e2fcaf86ba
SHA256: c33bcb84e76d128bdb882e1c19a41cf635c70021d79f760384dc079a50c7dab7
SHA512: 14ddf42f7a78b1e53ba66d1860baf6d0d8ab6346abbe33f32600d6a75f90461ed80d329f1b6005fa95aea988665faf0ff3e5c0e56c4fdee8f32dace9a1730511
SSDEEP: 24576:SFH3GvJYfS8Ru+onZKO5pyyFEXPJuN3l:ZYfS8RlonJyyFEXwN3l
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.25e4e3112f0b65ae71bb8494373a0b20.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: NEAS.25e4e3112f0b65ae71bb8494373a0b20.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
grome
77.91.124.86:19084
Targets
Target: NEAS.25e4e3112f0b65ae71bb8494373a0b20.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Suspicious use of SetThreadContext