General
Target:
952dcb1819d90cb9043d9656d7f7dba4da501ce94f07066f84bdb2a79f978b8b
Size: 184KB
Sample: 241108-lm1hsazglf
MD5:
d1911510f8cde6c3d8a831edeefe0383
SHA1:
f4d7641633e45bf865a06f4e3775dcf420323492
SHA256:
952dcb1819d90cb9043d9656d7f7dba4da501ce94f07066f84bdb2a79f978b8b
SHA512:
106ad40e8a3839db3d5bc0b314f86bb634f7bfb3621da101bec69304c60e31a48dc3a5aa9fd66ef07a6dcc65f315ab937afbdaa1530fdc37835d9c5cd98b22ee
SSDEEP:
3072:7CBQ/DLEJ/tXwGVDaoEtGLd0Rd18WWXth/aNj9IQGPy6919wxWFa1UPTEES11j:7CBqLQfVitykDStxBP9jdMESLj
Static task: static1
Behavioral task: behavioral1
Sample:
6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample:
6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
11
79.137.202.18:45218
auth_value:
107e09eee63158d2488feb03dac75204
Targets
Target:
6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
Size: 399KB
MD5:
bfe25c9c2514b4ba420be5b8e04b2dcc
SHA1:
0cb48b683468dfc76cf05388b2545ff5aa47f1e9
SHA256:
6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
SHA512:
40d49271435fe135da48554c097bab14a3bf8481d471f1c31914edf01140ff6ceda9b6c59939b64da9020a7682e31be435fdc63450899ddde92b2016f92f1d4e
SSDEEP:
6144:cnTC5+E5GP8MSR4X3+trN99jUAOufMQ03rNmcDN:cnTC5+E5GP8Mj3BsfMl5mcN
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext