General
Target: 04bd930932b9a72d8afcde1fde4d63bb5d321cc1f5674d2d852abdaa3b18097d
Size: 119KB
Sample: 241104-rkxl1a1flq
MD5: 157f80158eb3a1e2b05740a930b81ba6
SHA1: 42750cbc314e7627e9459a84481ab8a93dc92b1e
SHA256: 04bd930932b9a72d8afcde1fde4d63bb5d321cc1f5674d2d852abdaa3b18097d
SHA512: f174b49ebc384142cc003b8a2983e54eb61fcd5c37e0ec647af0125161272ab61180d4512065b9a572361ee1a77ff23e730db58faa872b2081e12c349d20a747
SSDEEP: 3072:BW8kOdiV+GX+Ojjuk3taSrNz63PqurAkzsI5RtpnEN:tMV9X+O1aSBz6lK
Static task: static1
Behavioral task: behavioral1
  Sample: d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted family: redline
Botnet: pub2
C2: 89.22.231.25:45245
auth_value: ea9464d486a641bb513057e5f63399e1
Targets
Target: d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567
Size: 277KB
MD5: 14a7fd58316f6885b90b849d59f175c9
SHA1: 2f61b5948b5f94233d4c91d775de72644b0771e4
SHA256: d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567
SHA512: daa31ce2bef9420f0f537c1e734517f6819aee00c5916d8ad1b780a1233ae89fe23684dc9534abae010990384d5ac53c3a451db35c4b02ee46c50d8b94edfcb0
SSDEEP: 6144:d1NtyTXVo1HbjPdwaAMQIc5edLu/FYFr44qXfMtqbY5/EsyYQYc6WecjnxJb6wPt:d1NtyWVwaAMQ0LYUsfMtqbY58syYQYcp
Score: 10/10
Signatures:
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
Note on the last two signatures: the compiler is a legitimate signed binary, so its appearance in a process tree is only meaningful together with the SetThreadContext hit. SetThreadContext is the API used to redirect the entry point of a suspended thread to injected code, which is how process hollowing hands execution to a payload inside a trusted host process; the C2 endpoint in the extracted config would then be contacted from the compiler process rather than from the original executable.
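The extracted config (C2 ip:port, botnet tag, auth_value) and the file hashes in the General and Targets blocks are the indicators a responder would actually pivot on. The script below is an added example, not code from the Triage report or from RedLine, that turns those indicators into a hunting check: it hashes a file's content against the reported digests and scans firewall-style connection logs for the C2 endpoint. The key=value log format and the log lines are constructed for the example; the botnet tag and auth_value are kept as constants for cross-report clustering but are not network-visible, so they are not matched against logs.

```python
# Added example (not from the Triage report or RedLine's own code): turn the
# indicators in this report into a small hunting script. The log format and
# the log lines below are constructed for the example.
import hashlib
import re

# Extracted RedLine config, copied from the report above.
REDLINE_C2 = ("89.22.231.25", 45245)
REDLINE_BOTNET = "pub2"
REDLINE_AUTH_VALUE = "ea9464d486a641bb513057e5f63399e1"

# File hashes of the submitted sample and the analysed target, from the report.
KNOWN_HASHES = {
    "md5": {
        "157f80158eb3a1e2b05740a930b81ba6",
        "14a7fd58316f6885b90b849d59f175c9",
    },
    "sha1": {
        "42750cbc314e7627e9459a84481ab8a93dc92b1e",
        "2f61b5948b5f94233d4c91d775de72644b0771e4",
    },
    "sha256": {
        "04bd930932b9a72d8afcde1fde4d63bb5d321cc1f5674d2d852abdaa3b18097d",
        "d82068382e82697bb266f6c668fd1cda36f7ca2de8ce34ae280e9c1397d02567",
    },
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a blob of file content."""
    return {
        algo: hashlib.new(algo, data).hexdigest()
        for algo in ("md5", "sha1", "sha256", "sha512")
    }


def hash_matches(data: bytes) -> set:
    """Return the digest algorithms under which `data` matches a reported hash."""
    digests = hash_bytes(data)
    return {algo for algo, known in KNOWN_HASHES.items() if digests[algo] in known}


# Constructed key=value firewall log format (an assumption for the example).
CONN_RE = re.compile(
    r"src=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) dport=(?P<dport>\d+)"
)


def find_c2_connections(log_lines):
    """Return (source_ip, line) for every connection to the RedLine C2 endpoint.

    Match on the full ip:port pair: 45245 alone is an arbitrary high port and
    the IP alone may host other services, so neither is a reliable indicator
    on its own.
    """
    hits = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and (m["dst"], int(m["dport"])) == REDLINE_C2:
            hits.append((m["src"], line))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2024-11-04T12:00:01Z fw allow src=10.0.0.5 dst=142.250.74.46 dport=443 proto=tcp",
    "2024-11-04T12:00:07Z fw allow src=10.0.0.17 dst=89.22.231.25 dport=45245 proto=tcp",
    "2024-11-04T12:00:09Z fw allow src=10.0.0.5 dst=89.22.231.25 dport=443 proto=tcp",
    "2024-11-04T12:00:11Z fw allow src=10.0.0.17 dst=10.0.0.1 dport=45245 proto=tcp",
]


def infected_hosts(log_lines=SAMPLE_LOG):
    """Sorted list of internal hosts that talked to the C2 ip:port."""
    return sorted({src for src, _ in find_c2_connections(log_lines)})


if __name__ == "__main__":
    for src, line in find_c2_connections(SAMPLE_LOG):
        print(f"C2 beacon from {src}: {line}")
    print("hosts to isolate:", infected_hosts())
```

Only the second constructed line is a hit: the third line reaches the same IP on 443 and the fourth uses port 45245 toward an internal address, and both are deliberately left unmatched so the ip:port rule is not loosened to either half alone. Hash matching is exact-digest only; the SSDEEP values in the report are for fuzzy comparison of repacked builds and need the ssdeep library rather than hashlib.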