General
- Target: 21ca85078d6b2d76ccb6cbf7bf508bb8e02ed1184a9bca435474aae4e6fb388d
- Size: 666KB
- Sample: 240708-dacbes1dma
- MD5: 01bb17dd0cbf9a42f8c8f162e64600c0
- SHA1: 723f4d2486765d7f091ebc0982cba3ed30919aad
- SHA256: 21ca85078d6b2d76ccb6cbf7bf508bb8e02ed1184a9bca435474aae4e6fb388d
- SHA512: e6e9feebad932504e3bbc38030d7417a90c01361f287555086fa3b79bb3a11490614cb5e9b9ce7e33075938229299fecc94ce917293178963af61077f743b161
- SSDEEP: 12288:qGjMiFUzCrG0v2O64t9EEHg2kcKWznQFVb8XTl7OCN7buvqOCk4zCf8/a1br:zj59R9El2kHWKVb8XTtOCeqOB4zh/mX
Static task
- static1

Behavioral task
- behavioral1
- Sample: ba8b5e47d1d20028cd7ddb4ea828ebc9e8b7d4c67b332544b8cd253ad606e3c4.exe
- Resource: win7-20240705-en

Behavioral task
- behavioral2
- Sample: ba8b5e47d1d20028cd7ddb4ea828ebc9e8b7d4c67b332544b8cd253ad606e3c4.exe
- Resource: win10v2004-20240704-en

Malware Config
- Extracted: redline
- Botnet: VIP
- C2: 173.195.100.68:1912
Targets
- Target: ba8b5e47d1d20028cd7ddb4ea828ebc9e8b7d4c67b332544b8cd253ad606e3c4.exe
- Size: 1.5MB
- MD5: 27a8a92f7b2d4ec7977165d5b6aac135
- SHA1: 0ca94d3c5e5fcb6ee0952ec2a9c2e98f5a27c700
- SHA256: ba8b5e47d1d20028cd7ddb4ea828ebc9e8b7d4c67b332544b8cd253ad606e3c4
- SHA512: da6ef0bd87e597efaa7791d25958039b0bb910532555c8d9c8d542fa38ffc302fbd156f06c0d72db9af647272d77032a65458dc804a220175d1d60a518e27a6f
- SSDEEP: 12288:akprWrfjIMvv+XHw2dOb25Z2TVPFGhWI/CIbYOE/IBikjUGuR:ErAXHw9trGs8CnOliAUh
- Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Suspicious use of SetThreadContext