General
-
Target
5acf104e117a7153e662aaff93bf9445
-
Size
1.0MB
-
Sample
240114-kqly5agbe8
-
MD5
5acf104e117a7153e662aaff93bf9445
-
SHA1
eaed74b2796c959458626d57efde4c96f05fdfda
-
SHA256
037b62cbe1d36e02a1232e3a0f627fc895be169fe16f8492a5f6a648120bb255
-
SHA512
c94f20ee5e9ac201fad63433db80c62790b009a027950ea117987e43791b667bea486de4c26a4d78ecb37b066aa136ae48ef451b0ca165906a029b8b96f3e9ed
-
SSDEEP
12288:DJfV6aJC6jog1/Q8ISZ07iS/d348yoBoRoDoyooS8kbFL4a8Zj/lmiQpckCz1Mg5:f6aV/Q8BS/d3YK64J5k5jSQpc24Ud8
Static task
static1
Behavioral task
behavioral1
Sample
5acf104e117a7153e662aaff93bf9445.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5acf104e117a7153e662aaff93bf9445.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
redline
newlife957.duckdns.org:7225
Targets
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-