General
-
Target
Patch.exe
-
Size
300.6MB
-
Sample
240405-g9qjwadg51
-
MD5
93012a266eff83ebf81f41b696f0afe2
-
SHA1
450b5561d703e02d7e2e3c8edb5a61cf585c3946
-
SHA256
ea28eb3e05ef8fe150ca0d876df588189bb1fe887a7980d68030862fc0508732
-
SHA512
4d268665baf702bbc902a5351a5ad7230d681b9409ede4f379828446ba27efc78c5bd569172dc25c3f6322668b10466a0ec4146047bf68e6d23b094f956da000
-
SSDEEP
6144:NVeUT4Kbjq06viONri4LuzOG25JDOMpkMQ2SAYUa/qqdhxMht:NYrED6vXNHLuzOG25JtB8A/abM3
Static task
static1
Behavioral task
behavioral1
Sample
Patch.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Patch.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Patch.exe
Resource
win11-20240221-en
Malware Config
Extracted
redline
1
65.21.98.68:18721
-
auth_value
6c69d40026f4e6ecde0e32048f7bacd4
Targets
-
-
Target
Patch.exe
-
Size
300.6MB
-
MD5
93012a266eff83ebf81f41b696f0afe2
-
SHA1
450b5561d703e02d7e2e3c8edb5a61cf585c3946
-
SHA256
ea28eb3e05ef8fe150ca0d876df588189bb1fe887a7980d68030862fc0508732
-
SHA512
4d268665baf702bbc902a5351a5ad7230d681b9409ede4f379828446ba27efc78c5bd569172dc25c3f6322668b10466a0ec4146047bf68e6d23b094f956da000
-
SSDEEP
6144:NVeUT4Kbjq06viONri4LuzOG25JDOMpkMQ2SAYUa/qqdhxMht:NYrED6vXNHLuzOG25JtB8A/abM3
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-