General
Target: c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a
Size: 432KB
Sample: 240526-c7emdaca7v
MD5: 291cd1c945bc670579cb5c5005afb42e
SHA1: 3e4ba20eed4b88d9efcfeb6bcdb53d8b91365f3d
SHA256: c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a
SHA512: e34d895a06953a1fb2681884e045b5d4e2da3b41ea3f4ddbce63e0195f5d8ecf2d1c5606374b2172d7de7c19e4c55ffc3be4ca2dd71ac725e44d68b39d6596d2
SSDEEP: 12288:AIVy90mtOPfwhZifxu2sb6HAAebxOEkjQf0dS:dydtocVbrkMcdS
Static task: static1
Behavioral task: behavioral1
Sample: c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: redline
Botnet: furod
C2: 77.91.68.70:19073
auth_value: d2386245fe11799b28b4521492a5879d
Targets
Target: c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Detects executables containing a base64-encoded User Agent
- Detects executables packed with ConfuserEx Mod
- Executes dropped EXE
- Adds Run key to start application