General
Target: 9a419c16bb37cea0998a337f42e71a977b970b475b3372da1b5cacfddb37afed
Size: 1.1MB
Sample: 231121-q97mtseh49
MD5: e33647f3fd0300d9f4e9b09fc7a8aefc
SHA1: 8ec5e7fee0ad88a5a4e34bb5f7e53e4c07d9db95
SHA256: 9a419c16bb37cea0998a337f42e71a977b970b475b3372da1b5cacfddb37afed
SHA512: 82967cd4ce656350b370dd49aeea9852bcdbae802858aa11ef378a12314f1f9526c0919be601385abc84f47c5e8469fcb88762b91ca012322298512ac834bb12
SSDEEP: 24576:Qy36I5WatRvczYSdL1Cp0Bvv9iOyxtRAfTpgNTMr3:XlWatRU9J1CWtFiO+RAfTpOT
Static task: static1
Behavioral task: behavioral1
Sample: 9a419c16bb37cea0998a337f42e71a977b970b475b3372da1b5cacfddb37afed.exe
Resource: win10-20231023-en
Malware Config
Extracted
redline
horda
194.49.94.152:19053
Targets
Target: 9a419c16bb37cea0998a337f42e71a977b970b475b3372da1b5cacfddb37afed
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext