General
-
Target
f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265
-
Size
9.7MB
-
Sample
241109-ykql1szndw
-
MD5
43d6cbd5ddad4fd1dfb14f1b95c49932
-
SHA1
833ee898eaf9df9a8eb83713965e71de9719d32d
-
SHA256
f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265
-
SHA512
1c515b918adc7f99e4d7964da0f593e14ccd5c9f91462e8370752ddec2c84a438f805e5ec3ddf03689b85ee23f9f5d0025a5a24f49f49f85f1c66b9785bfbcfc
-
SSDEEP
3072:SwDxgMzhr/MLZS2kLiXnJTvcYMocO+KPIQu679fE6fS1fms4R1N0dozjS8Tf6:XDWMzgC+rcwIQzxfLfS1fms4R1N0dg6
Static task
static1
Behavioral task
behavioral1
Sample
f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
5674706393
116.203.87.254:44351
-
auth_value
b27ab0ff0ccdc42262da6a5541a1fda4
Targets
-
-
Target
f604e65cbd105abccf231728c40a6b4b7bb0057c2ca2d89a80d2dd2d0e23d265
-
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-