General
- Target: 99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b
- Size: 4.7MB
- Sample: 240402-xnhj5sae3w
- MD5: 8b3875ea54679f894f697a683dae6f91
- SHA1: bf8f74381267c43b744a714b70e6040ac3b49f3f
- SHA256: 99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b
- SHA512: 13fb46763ee136fe079086e77a9e52ceb9eb301387106ab8ac3c0f7f1b84770c5b244592d75fdbd245e898c94d50970a5390ff84177778cf94c5211ef33687ad
- SSDEEP: 98304:xdOz+y7nMS9h6mvDdPfTLniKdzOJDb4v+:xM6ypZPLLBwN0v+
Static task: static1
Behavioral task: behavioral1
- Sample: 99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
redline
1
77.221.156.45:18734
Targets
- Target: 99d89255c603d934070285bcbf5dc860a43a39c934711e608165386b49222f9b
- Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger