General
Target: build_240514_191326.exe
Size: 559KB
Sample: 240521-j6df9aec4y
MD5: 895493b29ce20d3e815e7eeef837bdb2
SHA1: 2a9f87129eb0f19d1f1a23926e5d5607b5008603
SHA256: 05fc0e79339dd99b39c7fee80a82d08678129afb565d6a3b7e0a2676efe36cf6
SHA512: b9eb37d1ac60831be0ece8e68b2927e4958517982616a09a406ddbd954caf50e0b5d8f03b1bdbebb677e2c410e51a6e34d3b86f03071f941fa4db00e5eea7fb0
SSDEEP: 12288:oiaPTsxwJh+4fPHVrdcj9tBFxeWCOBlxo1m8wNteO0/8CRl+PPgwAgBuh6Frz2yU:oia71zzPw
Static task: static1
Behavioral task: behavioral1 (Sample: build_240514_191326.exe, Resource: win7-20240220-en)
Behavioral task: behavioral2 (Sample: build_240514_191326.exe, Resource: win10v2004-20240426-en)
Malware Config
Extracted: redline
6077866846_99
https://pastebin.com/raw/8baCJyMF
Targets
Target: build_240514_191326.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext