General
Target: tmp
Size: 549KB
Sample: 240420-ncp1eafg51
MD5: 541265de5e9bbbdbd0a8105716fc6ef8
SHA1: 1c4a44cd380e87a1d53db9ae6ceac5f4e8166837
SHA256: 3ed565443e0c49b991d90cd32c4c060db6fe2af30b3a24586379024e0adc2e02
SHA512: 4a9cd4acd085b6ee902b8292f7aa9381458338ad87b5881183f427bfdbb75ca1b97589fb831bd5ab19de279ae6f4ee9b8ed2380e597021f82767521a5705668f
SSDEEP: 12288:xB/p8smtRpl73V7SxNWM/MOt/9fSLtZ8I6:xB6NV7SxNWMU2/MLfw
Behavioral task behavioral1
Sample: tmp.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: tmp.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
redline
LiveTraffic
20.218.68.91:7690
Targets
Score: 10/10
Detect ZGRat V1
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Suspicious use of SetThreadContext