General
- Target: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.zip
- Size: 1.9 MB
- Sample: 240402-lt6ndadf47
- MD5: fa37d9385523ce0744de5ac395d2a7bc
- SHA1: e1d6a88ccd5d4e5bb74b65dbe41d3b24b0faedc8
- SHA256: cb1ad382a28020ebe0a513c5a3f100e562ba7831c0eb4536dbfb7bcec839271e
- SHA512: 617d4a64c944f43659cea027ca513a37e287825a09ef732308373f6e28c4a2b28211b771dbfa6340b55cc730c09b22cebc2672ad8e9d46f0f1cdf8859b5bd01e
- SSDEEP: 49152:jU4M4h//+S9EK+xAjkqvm+d+5ExycwUHIVxt6988:j3h/haK+xAjkHc+5ExycIr8
Static task: static1
Behavioral task: behavioral1
- Sample: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
- Family: redline
- Botnet: NewCrypt
- C2: 193.233.133.152:35515
Targets
- Target: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe (the executable extracted from the submitted zip; the digests below are its own, not the archive's)
- Size: 4.9 MB
- MD5: 287d2d8c6dc43061b992fd4767cac641
- SHA1: bc6076dd3684d56476c4424e8e7b42d0a7e29d64
- SHA256: d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473
- SHA512: 180950864c8e87d6051c690df40a0af9f834f864bd7de0b497728b219102415018669f7ca7eeb0f51ed8d06eb475e19415e277e531e80b4d5b6e463846b6c112
- SSDEEP: 49152:CunOIh/VejoF8vwF/nluLRPct4whtfVKevv7m9gcQYPbH51a7zc60GtD:f/Veo8YF/nXMPbjAg60GtD
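The digests above and the C2 endpoint from the extracted config are the hunting indicators this report yields. The following is an added example, not code from the sandbox report: it verifies a file against the listed digests and runs the indicators over Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) events. The event lines are constructed for the demonstration, and their flattened "Key=Value" layout is an assumption about how the events were exported.

```python
"""Hunting checks built from the indicators this report lists.

Added example, not code from the sandbox report. The digests and the C2
endpoint are copied from the report; the Sysmon-style log lines are
constructed, and their flattened "Key=Value" layout is an assumption.
"""
import hashlib
import re

# Digests of the extracted executable as listed under "Targets" (the zip
# container has its own digests; the inner .exe is what runs on a host).
REPORT_DIGESTS = {
    "md5": "287d2d8c6dc43061b992fd4767cac641",
    "sha1": "bc6076dd3684d56476c4424e8e7b42d0a7e29d64",
    "sha256": "d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473",
    "sha512": "180950864c8e87d6051c690df40a0af9f834f864bd7de0b497728b219102415018669f7ca7eeb0f51ed8d06eb475e19415e277e531e80b4d5b6e463846b6c112",
}
# C2 endpoint from the extracted RedLine config.
C2_IP, C2_PORT = "193.233.133.152", 35515

ALGOS = ("md5", "sha1", "sha256", "sha512")
# "Key=Value Key=Value" pairs; values may contain spaces (e.g. "Program Files").
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large samples fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_digests(digests: dict) -> list:
    """Names of the report digests that agree with `digests` (case-insensitive)."""
    return [algo for algo, expected in REPORT_DIGESTS.items()
            if digests.get(algo, "").lower() == expected]


def parse_event(line: str) -> dict:
    return dict(KV_RE.findall(line.strip()))


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon's Hashes field looks like 'MD5=...,SHA256=...,IMPHASH=...'."""
    out = {}
    for pair in field.split(","):
        algo, _, value = pair.partition("=")
        out[algo.strip().lower()] = value.strip().lower()
    return out


def scan_events(lines) -> list:
    """Flag process creations whose hashes match the sample and connections to the C2.

    Returns (reason, image) tuples. A match on the C2 IP but another port is
    reported separately: operators rotate ports, so it is still worth a look.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "1" and "Hashes" in ev:
            matched = matching_digests(parse_sysmon_hashes(ev["Hashes"]))
            if matched:
                hits.append(("known_sample:" + ",".join(matched), ev.get("Image")))
        elif eid == "3" and ev.get("DestinationIp") == C2_IP:
            port = int(ev.get("DestinationPort", "0"))
            reason = "c2_connection" if port == C2_PORT else "c2_ip_other_port"
            hits.append((reason, ev.get("Image")))
    return hits


# Constructed events (not from the report): a process creation (EID 1) for the
# sample, a benign one, a connection (EID 3) to the C2 and a benign connection.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\victim\AppData\Local\Temp\d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe "
    r"Hashes=MD5=287D2D8C6DC43061B992FD4767CAC641,SHA256=D3231042D20E7E02069279A9470EDE4DADDF70137CF1122550E4BDC354BA1473",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe "
    r"Hashes=MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000",
    r"EventID=3 Image=C:\Users\victim\AppData\Local\Temp\d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe "
    r"DestinationIp=193.233.133.152 DestinationPort=35515 Protocol=tcp",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe "
    r"DestinationIp=192.0.2.10 DestinationPort=443 Protocol=tcp",
]

if __name__ == "__main__":
    for reason, image in scan_events(SAMPLE_EVENTS):
        print(f"{reason:28} {image}")
```

Any single digest match is a positive identification, so the hash check is deliberately an OR over the four algorithms; the SSDEEP value is left out because fuzzy matching needs the ssdeep library and a threshold, not an equality test.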
Score: 10/10
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Adds Run key to start application (persistence through an autostart value under ...\Software\Microsoft\Windows\CurrentVersion\Run)
- Suspicious use of SetThreadContext (the call a process-hollowing loader uses to point a suspended thread at injected code; debuggers and other legitimate tools use it too, so it is an indicator, not proof on its own)
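The two behavioural signatures above, Run key persistence and SetThreadContext use, as detection logic over endpoint telemetry. This is an added example, not code from the sandbox report or from the sandbox vendor. Both inputs are constructed: the registry events use a flattened Sysmon Event ID 13 (RegistryEvent, value set) "Key=Value" layout, and the API trace uses a hypothetical "pid api arg=value ..." format, since the report does not show its own trace. The hollowing rule keys on the call sequence rather than on SetThreadContext alone, which is the caveat noted above.

```python
"""Detection logic for the report's two behavioural signatures.

Added example, not code from the sandbox report. The registry events and the
API trace below are constructed; the "Key=Value" event layout and the
"pid api arg=value" trace format are assumptions of this example.
"""
import re

KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Autostart locations behind "Adds Run key to start application": HKCU, HKLM
# and Wow6432Node variants all end in ...\CurrentVersion\Run or \RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

CREATE_SUSPENDED = 0x00000004
# Classic process-hollowing order. Calls between the steps (NtUnmapViewOfSection,
# VirtualAllocEx, GetThreadContext, ...) are ignored, and the order is strict:
# SetThreadContext only counts after a write into the suspended child.
HOLLOW_SEQUENCE = ("CreateProcess(suspended)", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")


def parse_event(line: str) -> dict:
    return dict(KV_RE.findall(line.strip()))


def detect_run_key_persistence(events) -> list:
    """(image, target, details) for every Run/RunOnce value written (EID 13)."""
    hits = []
    for line in events:
        ev = parse_event(line)
        if ev.get("EventID") == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append((ev.get("Image"), ev.get("TargetObject"), ev.get("Details")))
    return hits


def parse_api_call(line: str):
    """'pid api arg=value ...' -> (pid, api, {arg: value})."""
    parts = line.split(maxsplit=2)
    args = dict(KV_RE.findall(parts[2])) if len(parts) == 3 else {}
    return parts[0], parts[1], args


def normalise(api: str, args: dict) -> str:
    """Collapse CreateProcessA/W into one name, tagged when CREATE_SUSPENDED is set."""
    if api.startswith("CreateProcess"):
        flags = int(args.get("dwCreationFlags", "0"), 16)
        return "CreateProcess(suspended)" if flags & CREATE_SUSPENDED else "CreateProcess"
    return api


def detect_hollowing(trace) -> list:
    """PIDs whose calls walk through HOLLOW_SEQUENCE in order."""
    progress = {}   # pid -> number of sequence steps already seen
    flagged = []
    for line in trace:
        pid, api, args = parse_api_call(line)
        step = progress.get(pid, 0)
        if step < len(HOLLOW_SEQUENCE) and normalise(api, args) == HOLLOW_SEQUENCE[step]:
            step += 1
            progress[pid] = step
            if step == len(HOLLOW_SEQUENCE):
                flagged.append(pid)
    return flagged


# Constructed Sysmon EID 13 events: the sample writing an autostart value, and
# Explorer writing an unrelated setting under CurrentVersion\Explorer.
REGISTRY_EVENTS = [
    r"EventID=13 EventType=SetValue Image=C:\Users\victim\AppData\Local\Temp\d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473.exe "
    r"TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\victim\AppData\Roaming\Updater\updater.exe",
    r"EventID=13 EventType=SetValue Image=C:\Windows\explorer.exe "
    r"TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000001)",
]

# Constructed API trace in the hypothetical format described above.
API_TRACE = [
    # pid 2216: suspended child, image replaced, entry point redirected, resumed
    r"2216 CreateProcessW lpApplicationName=C:\Windows\System32\svchost.exe dwCreationFlags=0x00000004",
    r"2216 NtUnmapViewOfSection ProcessHandle=0x1a4",
    r"2216 VirtualAllocEx ProcessHandle=0x1a4 dwSize=0x4a000",
    r"2216 WriteProcessMemory ProcessHandle=0x1a4 nSize=0x4a000",
    r"2216 GetThreadContext ThreadHandle=0x1a8",
    r"2216 SetThreadContext ThreadHandle=0x1a8",
    r"2216 ResumeThread ThreadHandle=0x1a8",
    # pid 3104: a debugger adjusting a thread it attached to; no suspended create
    # and no memory write, so SetThreadContext alone does not trip the rule
    r"3104 OpenThread dwThreadId=5220",
    r"3104 GetThreadContext ThreadHandle=0x2c0",
    r"3104 SetThreadContext ThreadHandle=0x2c0",
    r"3104 ResumeThread ThreadHandle=0x2c0",
]

if __name__ == "__main__":
    for image, target, details in detect_run_key_persistence(REGISTRY_EVENTS):
        print("run-key persistence:", image, "->", target, "=", details)
    print("hollowing pids:", detect_hollowing(API_TRACE))
```

The Run key rule will also fire on installers and updaters that legitimately register an autostart entry, so in production it is usually scoped by the writing image (a binary under a user-writable path such as Temp or AppData is the interesting case) rather than applied to every writer.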