General
-
Target
NEAS.dfa9e951c06740a60e559a0e10606060.exe
-
Size
1.1MB
-
Sample
231105-zpvxzaec86
-
MD5
dfa9e951c06740a60e559a0e10606060
-
SHA1
bafb6217120091409c0e150740f435e2caa1051a
-
SHA256
b287dced5d97f2f8cf9b3fe6f5885addc12b485aafe5553d403cfa1aa1b6f88f
-
SHA512
42bf91eb9a252218cbad960495b9e7f4904b64f864c8bb6001da36061a3299960dac11caa2952b78190b381625af5d0f99c39f299f86c75fdab9b69a0fb79e56
-
SSDEEP
24576:sC5gjLHWdgAw/26p6Xy6GbSROMh4dh9SciZBPiH:sUTw/26p6CARJEh9Sc2PiH
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.dfa9e951c06740a60e559a0e10606060.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
NEAS.dfa9e951c06740a60e559a0e10606060.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
grome
77.91.124.86:19084
Targets
-
-
Target
NEAS.dfa9e951c06740a60e559a0e10606060.exe
-
Size
1.1MB
-
MD5
dfa9e951c06740a60e559a0e10606060
-
SHA1
bafb6217120091409c0e150740f435e2caa1051a
-
SHA256
b287dced5d97f2f8cf9b3fe6f5885addc12b485aafe5553d403cfa1aa1b6f88f
-
SHA512
42bf91eb9a252218cbad960495b9e7f4904b64f864c8bb6001da36061a3299960dac11caa2952b78190b381625af5d0f99c39f299f86c75fdab9b69a0fb79e56
-
SSDEEP
24576:sC5gjLHWdgAw/26p6Xy6GbSROMh4dh9SciZBPiH:sUTw/26p6CARJEh9Sc2PiH
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-