General
Target: 70e865ffbff1d7ee4080d7c5ecafa8d014044b62babccab783ae5affd6ca84ef
Size: 4.7MB
Sample: 240402-y2nhzscd51
MD5: 2be93630b47e626d75ab22cf13b5958f
SHA1: 23898220b077e6d312a769fa6b3d0d4928696fb9
SHA256: 70e865ffbff1d7ee4080d7c5ecafa8d014044b62babccab783ae5affd6ca84ef
SHA512: 68cf0e7def6bf892ccb0dc35b4523bd4f59534c6bfea395f02fd16330e496c2267e4d18c82d6e7e379b0510e466c32e508ff3fa57af78df127075e418e5b834b
SSDEEP: 98304:xdOz+y7nMS9h6mvDdPfTLniKdzOJDb4v+:xM6ypZPLLBwN0v+
Static task: static1
Behavioral task: behavioral1
Sample: 70e865ffbff1d7ee4080d7c5ecafa8d014044b62babccab783ae5affd6ca84ef.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 70e865ffbff1d7ee4080d7c5ecafa8d014044b62babccab783ae5affd6ca84ef.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: redline
1
77.221.156.45:18734
Targets
Target: 70e865ffbff1d7ee4080d7c5ecafa8d014044b62babccab783ae5affd6ca84ef
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger