Overview

overview

10

Static

static

3

NEAS.25e4e...20.exe

windows7-x64

10

NEAS.25e4e...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.25e4e3112f0b65ae71bb8494373a0b20.exe

  • Size

    1.1MB

  • Sample

    231103-thwm2aed3y

  • MD5

    25e4e3112f0b65ae71bb8494373a0b20

  • SHA1

    67bc252c5fdcfe6c85eef76233b644e2fcaf86ba

  • SHA256

    c33bcb84e76d128bdb882e1c19a41cf635c70021d79f760384dc079a50c7dab7

  • SHA512

    14ddf42f7a78b1e53ba66d1860baf6d0d8ab6346abbe33f32600d6a75f90461ed80d329f1b6005fa95aea988665faf0ff3e5c0e56c4fdee8f32dace9a1730511

  • SSDEEP

    24576:SFH3GvJYfS8Ru+onZKO5pyyFEXPJuN3l:ZYfS8RlonJyyFEXwN3l

Score
10/10
redlinegromeinfostealer

Malware Config

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Targets

    • Target

      NEAS.25e4e3112f0b65ae71bb8494373a0b20.exe

    • Size

      1.1MB

    • MD5

      25e4e3112f0b65ae71bb8494373a0b20

    • SHA1

      67bc252c5fdcfe6c85eef76233b644e2fcaf86ba

    • SHA256

      c33bcb84e76d128bdb882e1c19a41cf635c70021d79f760384dc079a50c7dab7

    • SHA512

      14ddf42f7a78b1e53ba66d1860baf6d0d8ab6346abbe33f32600d6a75f90461ed80d329f1b6005fa95aea988665faf0ff3e5c0e56c4fdee8f32dace9a1730511

    • SSDEEP

      24576:SFH3GvJYfS8Ru+onZKO5pyyFEXPJuN3l:ZYfS8RlonJyyFEXwN3l

    Score
    10/10
    redlinegromeinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks