General
Target: ca959e23302ad17d87797e39118713c5d3bb2054bff6a79dddfdd8ba552ee195
Size: 145KB
Sample: 241109-zn3w7avlhr
MD5: 2c61b728ad9d753e0e9e5cfbee2767ed
SHA1: 7b7aec632c08ad052a5508505f7232590b8fbc8e
SHA256: ca959e23302ad17d87797e39118713c5d3bb2054bff6a79dddfdd8ba552ee195
SHA512: 51a02b6c7faee8eec40eb91159c28e33d4001c5146c4aaf6d8b9b257a4c8c6873abee35b00f42fc0603e9551701fa2adcb69cff559c87deb057dac4e4392d4b8
SSDEEP: 3072:p4sHLc4iuTGEqKCzJaqXnWmcyKSDJy0KjkgMJYCsFwC7NgtF2ykTOAG/Nhlm:psuTp2aqXnFc440KjkgMSChWgtF2ykBz
Static task: static1

Behavioral task: behavioral1
Sample: eb7cbffa46e3fa95bb17a52284185c03b342eee7411b88e68095bf58b6b06dcc.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: eb7cbffa46e3fa95bb17a52284185c03b342eee7411b88e68095bf58b6b06dcc.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
@P1
193.106.191.138:32796
auth_value: 54c79ce081122137049ee07c0a2f38ab
Targets
Target: eb7cbffa46e3fa95bb17a52284185c03b342eee7411b88e68095bf58b6b06dcc
Size: 216KB
MD5: 6638ec2762b89fb569b7d5360963d3a5
SHA1: 9b381b87942202a85b4a058d205efd7ac92ce31e
SHA256: eb7cbffa46e3fa95bb17a52284185c03b342eee7411b88e68095bf58b6b06dcc
SHA512: 1cbf7bbd978087bd648f949fbc7d84e0cdfda76c48134e570916f92c8f4a7cc1006250af2ef296b97b0d62af28b0ecd3e08722681ccd041a639f5da836b25227
SSDEEP: 3072:8hbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:nCxGNp7FUyf2AhZjwINut
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext