General
Target: 122f853e53f32ac56bc697d8bcba72f4ee52d787
Size: 2.7MB
Sample: 241109-y7kdhstrfk
MD5: afee1b67854c6b4c31680c08d05bb663
SHA1: 122f853e53f32ac56bc697d8bcba72f4ee52d787
SHA256: 2d1122f001cf4d85e5bb23a9ccaecd2abd658b472e78ce1cd70ffeef970a9c81
SHA512: b488afca7177493c418fb7debf6f3f5ed81732e6c968441715b728697cd6293df2ea253758f3320208fce5c90bfca18ee01a548aa128031ffb43b71d019f134d
SSDEEP: 49152:UVthL/508oXLrEf6l4mOgW++3EcT65XUzXbrJ2LPaRv+HbMsPRDSVKS9xn+sn:IthZ6sf6l4mk/6yzLrcoiM0p4dxnd
Static task: static1
Behavioral task: behavioral1
Sample: Sketches characters/whiterow.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Sketches characters/whiterow.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
shadow
77.73.134.5:30812
auth_value: 2179453466993e7da14c43ccb5c99ef2
Targets
Target: Sketches characters/whiterow.pif
Size: 706.0MB
MD5: 6ac54d8da3010a73e5673017b0a36ad1
SHA1: 19be844eda2a9ef3b03a6d8d355bcfb3b06ab98b
SHA256: 6b02a6d9732182ca8bf65a509aadb6923b42bb5a245225c94e64041e044c3332
SHA512: a1fc391d33ec7f3e94c2acaaf40ea8cbc010f711de1b67abaa70f0beb57f13bbfe1b1ae8cc3509cf5bad6db1ed3675ddfb592d08b743ab398d6abdf3d6724dec
SSDEEP: 6144:xbQsfR/mRwBGV+XUYt8dFtIiw0fSH79Cju0c:xbz/mRZ+ELKiw0qH79Cjuz
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Suspicious use of SetThreadContext